A company has enabled Amazon GuardDuty in all Regions as part of its security monitoring strategy. In one of the VPCs, the company hosts an Amazon EC2 instance working as an FTP server that is contacted by a high number of clients from multiple locations. This is identified by GuardDuty as a brute force attack due to the high number of connections that happen every hour. The finding has been flagged as a false positive. However, GuardDuty keeps raising the issue. A Security Engineer has been asked to improve the signal-to-noise ratio. The Engineer needs to ensure that changes do not compromise the visibility of potential anomalous behavior. How can the Security Engineer address the issue?
A) Disable the FTP rule in GuardDuty in the Region where the FTP server is deployed
B) Add the FTP server to a trusted IP list and deploy it to GuardDuty to stop receiving the notifications
C) Use GuardDuty filters with auto archiving enabled to close the findings
D) Create an AWS Lambda function that closes the finding whenever a new occurrence is reported
Correct Answer:
Verified