You want to create a custom threat list in GuardDuty to block IP addresses from a known malicious source. Which steps should you take to implement this?

Hard · Application · Q8 of 15
AWS - Advanced Security
A. Create a trusted IP list and associate it with GuardDuty to whitelist those IPs
B. Create a threat intelligence set with the malicious IPs and enable it in GuardDuty
C. Manually block IPs in the VPC security groups
D. Enable GuardDuty's built-in malware protection
Step-by-Step Solution
Solution:
  1. Step 1: Understand GuardDuty custom threat lists

    GuardDuty lets you create threat intelligence sets, which are lists of IP addresses used to detect malicious activity.
  2. Step 2: Differentiate from trusted IP lists and other controls

    Trusted IP lists whitelist IPs rather than block them. Security groups block traffic but are separate from GuardDuty. Malware protection is unrelated to IP blocking.
  3. Final Answer:

    Create a threat intelligence set with the malicious IPs and enable it in GuardDuty -> Option B
  4. Quick Check:

    Custom threat list = threat intelligence set [OK]
Quick Trick: Use threat intelligence sets to add malicious IPs in GuardDuty [OK]
Common Mistakes:
  • Confusing trusted IP lists with threat lists
  • Relying only on security groups for threat detection
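
Option B in practice, as an added example that is not part of the original quiz: validate a raw IP feed, write it as a plaintext (TXT) list, and register it as an activated threat intelligence set with boto3. The feed contents, bucket, key and detector ID are placeholders, and rejecting RFC 1918 ranges and handling IPv4 only are choices of this example. A match on the list produces a GuardDuty finding; any blocking remains a separate control such as a security group.

```python
import ipaddress

# Constructed sample feed: documentation-range IPs, a duplicate, a private IP, a bad line.
SAMPLE_FEED = """# constructed sample, not real indicators
198.51.100.7
203.0.113.9/24
198.51.100.7
10.0.0.5
not-an-ip
"""

# Example policy (an assumption of this sketch): private ranges in an external feed are feed errors.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_threat_list(raw):
    """Return (entries, rejected); entries are normalised IPv4 addresses or CIDRs, one per TXT line."""
    entries, rejected = [], []
    for line in raw.splitlines():
        item = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not item:
            continue
        try:
            net = ipaddress.IPv4Network(item, strict=False)
        except ValueError:
            rejected.append((item, "not an IPv4 address or CIDR"))
            continue
        if any(net.overlaps(p) for p in RFC1918):
            rejected.append((item, "private range"))
            continue
        text = str(net.network_address) if net.prefixlen == 32 else str(net)
        if text not in entries:  # de-duplicate while keeping feed order
            entries.append(text)
    return entries, rejected

def threat_intel_set_request(detector_id, name, bucket, key):
    """Arguments for GuardDuty CreateThreatIntelSet; Activate=True enables the list on creation."""
    return {"DetectorId": detector_id, "Name": name, "Format": "TXT",
            "Location": f"s3://{bucket}/{key}", "Activate": True}

def publish(raw, detector_id, name, bucket, key):
    """Upload the list to S3 and register it with GuardDuty (needs boto3 and AWS credentials)."""
    import boto3  # imported here so the validation helpers run without AWS access
    entries, rejected = build_threat_list(raw)
    boto3.client("s3").put_object(Bucket=bucket, Key=key, Body="\n".join(entries).encode())
    resp = boto3.client("guardduty").create_threat_intel_set(
        **threat_intel_set_request(detector_id, name, bucket, key))
    return resp["ThreatIntelSetId"], rejected
```

Review the `rejected` list before publishing so that a malformed feed does not silently shrink the detection coverage.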
