🔥 3-day streak
AWS Certified Security - Specialty28 / 157
Question 28 of 157

A security analyst receives a GuardDuty finding indicating that an EC2 instance in the production account is communicating with a known cryptocurrency-mining IP address. Before deciding whether to isolate the instance, the analyst needs to understand whether this behavior is new, which IAM entities and API calls were involved, and how the affected resource's activity has changed over the past several weeks. Which AWS service is purpose-built to help the analyst perform this root-cause investigation with the least setup effort?

Reviewed for accuracy · Report an issueNext question