Q27 — AWS DOP-C02 Ch.1

Question 27 of 100

A company has a VPC consisting of one public subnet and one private subnet. An application runs on Amazon EC2 instances in the private subnet. An Application Load Balancer resides in the public subnet and distributes traffic to the EC2 instances. The company has enabled Amazon GuardDuty for the account. The DevOps team maintains a daily-updated external IP range list stored in an Amazon S3 bucket. The DevOps engineer needs to configure GuardDuty to generate findings when application traffic originates from IP ranges in that external list.

Correct Answer: B. Configure a threat list in GuardDuty with the source set to the external IP range list in the S3 bucket. Create an Amazon EventBridge rule that runs daily and invokes an AWS Lambda function. Configure the Lambda function to refresh the GuardDuty threat list to match the external IP range list in the S3 bucket.

Explanation

Option B is correct because GuardDuty supports threat lists: lists of known malicious or unauthorized external IP addresses that, when observed in traffic to or from the account's resources, cause GuardDuty to generate findings. Threat lists are designed precisely for this use case. GuardDuty reads the list from S3 when the list is activated or updated rather than re-reading the object on its own, which is why the daily EventBridge-triggered Lambda refresh is needed to keep it in sync with the external list. Option A creates filters, which suppress or categorize existing findings but do not generate new ones. Option C configures a trusted IP list, which excludes traffic from those IPs from analysis, the opposite of the requirement. Option D incorrectly targets localIp (internal IPs) rather than publicIp sources.