Multiple Choice
An organization wants to be alerted when an unauthorized Amazon EC2 instance in its VPC performs a network port scan against other instances in the VPC. When the Security team performs its own internal tests in a separate account by using pre-approved third-party scanners from the AWS Marketplace, the Security team also then receives multiple Amazon GuardDuty events from Amazon CloudWatch alerting on its test activities. How can the Security team suppress alerts about authorized security tests while still receiving alerts about the unauthorized activity?
A) Use a filter in AWS CloudTrail to exclude the IP addresses of the Security team's EC2 instances.
B) Add the Elastic IP addresses of the Security team's EC2 instances to a trusted IP list in Amazon GuardDuty.
C) Install the Amazon Inspector agent on the EC2 instances that the Security team uses.
D) Grant the Security team's EC2 instances a role with permissions to call Amazon GuardDuty API operations.
Correct Answer:
Verified
Correct Answer:
Verified
Q43: A Security Engineer has discovered that, although
Q44: Which of the following is the most
Q45: A company is configuring three Amazon EC2
Q46: A Security Engineer is defining the logging
Q47: A company plans to move most of
Q49: A security engineer has noticed an unusually
Q50: A company has a forensic logging use
Q51: A company requires that SSH commands used
Q52: A security team is implementing a centralized
Q53: A Web Administrator for the website example.com