
SCS-C02 Question #11: Real Exam Question with Answer & Explanation

The correct answer is C: Create a suppression rule in GuardDuty to filter findings by automatically archiving new findings. https://docs.aws.amazon.com/guardduty/latest/ug/findings_suppression-rule.html

Submitted by krish.m · Mar 6, 2026

Question

A company has enabled Amazon GuardDuty in all AWS Regions as part of its security monitoring strategy. In one of its VPCs, the company hosts an Amazon EC2 instance that works as an FTP server. A high number of clients from multiple locations contact the FTP server. GuardDuty identifies this activity as a brute force attack because of the high number of connections that happen every hour. The company has flagged the finding as a false positive, but GuardDuty continues to raise the issue. A security engineer must improve the signal-to-noise ratio without compromising the company's visibility of potential anomalous behavior. Which solution will meet these requirements?

Options

  • A. Disable the FTP rule in GuardDuty in the Region where the FTP server is deployed.
  • B. Add the FTP server to a trusted IP list. Deploy the list to GuardDuty to stop receiving the
  • C. Create a suppression rule in GuardDuty to filter findings by automatically archiving new findings
  • D. Create an AWS Lambda function that has the appropriate permissions to delete the finding

Explanation

https://docs.aws.amazon.com/guardduty/latest/ug/findings_suppression-rule.html
