You use a pre-authorized network scanner from the AWS marketplace in your AWS environment. Amazon GuardDuty is also enabled which detects a threat to protect your AWS account and workload.
However, GuardDuty keeps generating findings for the scanner IP. You want GuardDuty to ignore this particular IP as you are sure the scanner is working as expected.
Which action would you take to meet this requirement?

Answer options:

A.Edit a file that contains the trusted IP. In GuardDuty, upload the file to the threat list and activate the threat list. The findings that involve the IP address will be ignored.
B.Suppress the IP in VPC flow logs and CloudTrail events so that GuardDuty does not report events related to the IP address.
C.Suspend GuardDuty when the scanner is being used. Resume GuardDuty when the scanner is no longer required.
D.Upload a trusted IP list in GuardDuty that contains the whitelisted IP address so that GuardDuty does not generate findings based on activity that involves the IP address.

Answer: D
Option A is incorrect because the threat list consists of known malicious IP addresses, and GuardDuty will generate findings based on the threat list.
Option B is incorrect because you cannot suppress an IP from VPC flow logs or CloudTrail events. Instead, you can create a whitelist in GuardDuty.
Option C is incorrect because you do not need to suspend GuardDuty as you can trust the IP address while GuardDuty is running.
Option D is CORRECT because you can configure GuardDuty to use your own custom trusted IP list containing your allowed IP addresses for secure communication with your AWS infrastructure and applications. By doing so, GuardDuty would ignore the Scanner IP warnings and alerts.
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/guardduty-trusted-ip-list/