🔥 3-day streak
AWS Certified Security - Specialty47 / 157
Question 47 of 157

A security team enables Amazon GuardDuty in their production account. They want to automatically trigger an isolation Lambda function only when GuardDuty reports an EC2 instance that is likely compromised and being used for cryptomining or command-and-control activity, while avoiding automated action on low-confidence reconnaissance findings. Which approach BEST accomplishes this without building custom parsing logic for every finding type?

Reviewed for accuracy · Report an issueNext question