Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 173 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 173
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company suspects that an attacker has exploited an overly permissive role to export credentials from Amazon EC2 instance metadata. The company uses Amazon GuardDuty and AWS Audit Manager. The company has enabled AWS CloudTrail logging and Amazon CloudWatch logging for all of its AWS accounts.

A security engineer must determine if the credentials were used to access the company's resources from an external account.

Which solution will provide this information?

  • A. Review GuardDuty findings to find InstanceCredentialExfiltration events.
  • B. Review assessment reports in the Audit Manager console to find InstanceCredentialExfiltration events.
  • C. Review CloudTrail logs for GetSessionToken API calls to AWS Security Token Service (AWS STS) that come from an account ID from outside the company.
  • D. Review CloudWatch logs for GetSessionToken API calls to AWS Security Token Service (AWS STS) that come from an account ID from outside the company.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Zek at May 14, 2024, 4:52 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
GirishArora22
2 months, 1 week ago
Selected Answer: A
Use managed solution instead of custom solution
upvoted 2 times
...
xekiva3329
3 months, 2 weeks ago
Selected Answer: A
My answer is A.
upvoted 2 times
...
xekiva3329
3 months, 2 weeks ago
My answer is A.
upvoted 2 times
...
PegasusForever
3 months, 3 weeks ago
My answer is A. https://aws.amazon.com/blogs/aws/amazon-guardduty-enhances-detection-of-ec2-instance-credential-exfiltration/
upvoted 3 times
...
grekh001
4 months ago
A UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS Credentials that were created exclusively for an EC2 instance through an Instance launch role are being used from an external IP address. Default severity: High Data source: CloudTrail management events or S3 data events This finding informs you that a host outside of AWS has attempted to run AWS API operations using temporary AWS credentials that were created on an EC2 instance in your AWS environment. The listed EC2 instance might be compromised, and the temporary credentials from this instance might have been exfiltrated to a remote host outside of AWS.
upvoted 3 times
...
aescudero51
4 months ago
Selected Answer: C
My answer is C. By reviewing CloudTrail logs for GetSessionToken calls originating from external accounts, the security engineer can identify attempts to use the stolen credentials to assume temporary roles within the company's AWS environment. This would be a strong indicator of compromised credentials.
upvoted 1 times
helloworldabc
2 weeks, 5 days ago
just A
upvoted 1 times
...
...
5409b91
4 months, 2 weeks ago
Selected Answer: C
i think C
upvoted 1 times
...
Zek
4 months, 3 weeks ago
A https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-instancecredentialexfiltrationoutsideaws
upvoted 4 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel