A company deployed Amazon GuardDuty in the us-east-1 Region. The company wants all DNS logs that relate to the company’s Amazon EC2 instances to be inspected.
What should a security engineer do to ensure that the EC2 instances are logged?
A. Use IPv6 addresses that are configured for hostnames.
B. Configure external DNS resolvers as internal resolvers that are visible only to AWS.
C. Use AWS DNS resolvers for all EC2 instances.
D. Configure a third-party DNS resolver with logging for all EC2 instances.
