A company has enabled Amazon GuardDuty in all AWS Regions as part of its security monitoring strategy. In one of its VPCs, the company hosts an Amazon EC2 instance that works as an FTP server. A high number of clients from multiple locations contact the FTP server. GuardDuty identifies this activity as a brute force attack because of the high number of connections that happen every hour. The company has flagged the finding as a false positive, but GuardDuty continues to raise the issue. A security engineer must improve the signal-to-noise ratio without compromising the company's visibility of potential anomalous behavior. Which solution will meet these requirements? A. Disable the FTP rule in GuardDuty in the Region where the FTP server is deployed. B. Add the FTP server to a trusted IP list. Deploy the list to GuardDuty to stop receiving the notifications. C. Create a suppression rule in GuardDuty to filter findings by automatically archiving new findings that match the specified criteria. D. Create an AWS Lambda function that has the appropriate permissions to delete the finding whenever a new occurrence is reported.  Suggested Answer: C Community Answer: C This question is in SCS-C02 AWS Certified Security – Specialty Exam For getting AWS Certified Security – Specialty Certificate Disclaimers: The website is not related to, affiliated with, endorsed or authorized by Amazon. Trademarks, certification & product names are used for reference only and belong to Amazon. The website does not contain actual questions and answers from Amazon's Certification Exam.
Please login or Register to submit your answer
