🔥 3-day streak
AWS Certified Security - Specialty50 / 157
Question 50 of 157

A security engineer at a financial services company wants Amazon GuardDuty to generate findings whenever EC2 instances communicate with a specific set of IP addresses that the company's own threat intelligence team has identified as malicious command-and-control servers. These IPs are not yet part of any AWS-managed threat list. The engineer needs GuardDuty to flag this traffic automatically going forward. What should the engineer do?

Reviewed for accuracy · Report an issueNext question