Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 77 discussion

A company maintains an open-source application that is hosted on a public GitHub repository. While creating a new commit to the repository, an engineer uploaded their AWS access key and secret access key. The engineer reported the mistake to a manager, and the manager immediately disabled the access key.

The company needs to assess the impact of the exposed access key. A security engineer must recommend a solution that requires the least possible managerial overhead.

Which solution meets these requirements?

  • A. Analyze an AWS Identity and Access Management (IAM) use report from AWS Trusted Advisor to see when the access key was last used.
  • B. Analyze Amazon CloudWatch Logs for activity by searching for the access key.
  • C. Analyze VPC flow logs for activity by searching for the access key.
  • D. Analyze a credential report in AWS Identity and Access Management (IAM) to see when the access key was last used.
Suggested Answer: D

Comments

Just_Ninja
2 months, 2 weeks ago
Selected Answer: D
If we get a hint in the question like Business or Enterprise Support, then I will choose A. But there is no hint here, so D is the best solution.
upvoted 1 times
...
Davidng88
2 months, 2 weeks ago
Selected Answer: A
AWS Trusted Advisor provides a comprehensive IAM use report that includes details on when access keys were last used. This report can quickly help you determine if the exposed key was used after it was uploaded to the public repository.
upvoted 1 times
NSA_Poker
1 month, 4 weeks ago
Trusted Advisor can just notify you if your key is exposed and also check for the existence of an IAM user to discourage root access: https://docs.aws.amazon.com/awssupport/latest/user/trusted-advisor-check-reference.html#exposed-access-keys
access_key_1_last_used_date is a column in the credential report CSV file: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html#:~:text=access_key_1_last_used_date
upvoted 1 times
...
...
Sodev
8 months ago
"The company needs to assess the impact of the exposed access key" is not the right sentence. The IAM credential report only shows last active and last active region. It does not show what resource or API was called after the keys were exposed. => To "assess the impact" you need to analyze CloudTrail logs.
upvoted 1 times
...
ion_gee
8 months ago
Selected Answer: D
D is the best answer. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html
B is not a good answer in this scenario because CloudWatch should be used for monitoring and analyzing log data, and the access key may not be in plaintext due to security reasons. CloudWatch would be more useful for monitoring specific application or system activity rather than tracking the usage of an exposed access key.
upvoted 1 times
...
Raphaello
9 months, 1 week ago
Selected Answer: B
Best answer is B. The ask is to "assess the impact of the exposed access key", which means how the exposed access key has been used. The credential report does not include such information; it includes information about the credential itself: when it was created, last used, last changed. Not useful to assess the impact.
upvoted 3 times
...
brpjp
11 months ago
Selected Answer: B is correct. The question is to analyze the impact of the exposed access key. From the credential report you know only when the key was last used, but you are not able to determine how many times the key was used and what activities were performed.
upvoted 1 times
...
rahav
11 months, 2 weeks ago
Selected Answer: D
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html
upvoted 2 times
...
3633f8f
11 months, 3 weeks ago
Selected Answer: D
Least effort.
upvoted 2 times
...
kejam
1 year ago
Selected Answer: D
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html
upvoted 2 times
...
[Removed]
1 year ago
Selected Answer: D
D 99.999999% sure
upvoted 3 times
...
oioi
1 year ago
Selected Answer: D
correct
upvoted 1 times
...
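
The credential report check from answer D, using the `access_key_1_last_used_date` column cited in the comments, as an added example that is not part of the original discussion: it reads a report in the documented CSV layout and lists a user's key slots last used at or after the time of exposure. The sample report, its user names and timestamps, and the `keys_used_since` helper are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the credential report's CSV layout, trimmed to the
# columns used here. Users, account ID and timestamps are made up. A real
# report is produced with `aws iam generate-credential-report` and fetched
# (base64-encoded) with `aws iam get-credential-report`.
SAMPLE_REPORT = """\
user,arn,access_key_1_active,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service
dev-engineer,arn:aws:iam::111122223333:user/dev-engineer,false,2024-03-02T14:31:00+00:00,us-east-1,ec2,false,N/A,N/A,N/A
ci-bot,arn:aws:iam::111122223333:user/ci-bot,true,2024-02-20T06:15:00+00:00,eu-west-1,s3,true,N/A,N/A,N/A
"""


def parse_ts(value):
    """Return an aware datetime, or None when the report has no value (N/A)."""
    if value in ("N/A", ""):
        return None
    return datetime.fromisoformat(value)


def keys_used_since(report_csv, user, exposed_at):
    """List the user's access key slots last used at or after exposed_at."""
    hits = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] != user:
            continue
        # The report has no access key IDs, only two key slots per user.
        for slot in ("1", "2"):
            prefix = f"access_key_{slot}_"
            last_used = parse_ts(row[prefix + "last_used_date"])
            if last_used is not None and last_used >= exposed_at:
                hits.append({
                    "slot": slot,
                    "active": row[prefix + "active"] == "true",
                    "last_used": last_used,
                    "region": row[prefix + "last_used_region"],
                    "service": row[prefix + "last_used_service"],
                })
    return hits


if __name__ == "__main__":
    # Constructed time of the commit that exposed the key.
    exposed = datetime(2024, 3, 1, tzinfo=timezone.utc)
    for hit in keys_used_since(SAMPLE_REPORT, "dev-engineer", exposed):
        print(hit)
```

The report records only the most recent use per key slot (date, region, service), so a hit shows that the key was used after exposure but not which calls were made.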