AWS Certified Security – Specialty SCS-C01 – Question309

A company uses Amazon GuardDuty to detect threats and malicious activities in AWS accounts. The company has subscribed to a third-party threat intelligence list uploaded to an Amazon S3 bucket.
How should the security engineer efficiently use the threat list across all company AWS accounts?

A.
Ensure the S3 bucket policy allows all company AWS accounts access to the threat list. Use an AWS Lambda function to automatically add the threat list to all company AWS accounts.
B. Ensure GuardDuty is in master-member configuration. Add the threat list to the master account referencing the S3 object that contains the threat list.
C. Ensure all accounts are part of the same organization in AWS Organizations. Add the threat list to any company account within AWS Organizations.
D. Ensure the threat list in the S3 bucket is publicly accessible. Use an Amazon CloudWatch Events event on GuardDuty findings to match IPs against the threat list.