AWS Certified Security – Specialty (SCS-C03) — Question 54

A company recently set up Amazon GuardDuty and is receiving a high number of findings from IP addresses within the company. A security engineer has verified that these IP addresses are trusted and allowed.
Which combination of steps should the security engineer take to configure GuardDuty so that it does not produce findings for these IP addresses? (Choose two.)

Answer options

• A. Create a plaintext configuration file that contains the trusted IP addresses.
• B. Create a JSON configuration file that contains the trusted IP addresses.
• C. Upload the configuration file directly to GuardDuty.
• D. Upload the configuration file to Amazon S3. Add a new trusted IP list to GuardDuty that points to the file.
• E. Manually copy and paste the configuration file data into the trusted IP list in GuardDuty.

Correct answer: A, D

Explanation

The correct steps are to create a plaintext configuration file with the trusted IPs and upload it to Amazon S3 while creating a trusted IP list in GuardDuty that references this file. Options B and C are incorrect as GuardDuty does not accept JSON configuration files directly and does not support direct uploads. Option E is also not efficient compared to using a configuration file.