ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 245 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 245
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A security engineer received an Amazon GuardDuty alert indicating a finding involving the Amazon EC2 instance that hosts the company’s primary website. The GuardDuty finding received read:

UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.

The security engineer confirmed that a malicious actor used API access keys intended for the EC2 instance from a country where the company does not operate. The security engineer needs to deny access to the malicious actor.

What is the first step the security engineer should take?

  • A. Open the EC2 console and remove any security groups that allow inbound traffic from 0.0.0.0/0.
  • B. Install the AWS Systems Manager Agent on the EC2 instance and run an inventory report.
  • C. Install the Amazon Inspector agent on the host and run an assessment with the CVE rules package.
  • D. Open the IAM console and revoke all IAM sessions that are associated with the instance profile.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by phmeeeee at April 10, 2025, 1:44 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
phmeeeee
2 weeks, 2 days ago
Selected Answer: D
D - UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration (via assume role by instance profile) is mean for temporary creds, so revoke the session is the answer.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago