🔥 3-day streak
AWS Certified Security - Specialty41 / 157
Question 41 of 157
A security team runs a multi-account AWS Organization. When GuardDuty produces a HIGH or CRITICAL finding for an EC2 instance, the team wants automation to determine the incident-response path: production instances (tagged Environment=prod) must trigger a human approval step before any containment action, while non-production instances should be automatically isolated. All findings flow to a central security account via an EventBridge rule. Which design best meets these requirements while minimizing custom code and operational overhead?
Reviewed for accuracy · Report an issueNext question