Multiple Choice
A security engineer received an Amazon GuardDuty alert indicating a finding involving the Amazon EC2 instance that hosts the company's primary website. The GuardDuty finding received read: UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration. The security engineer confirmed that a malicious actor used API access keys intended for the EC2 instance from a country where the company does not operate. The security engineer needs to deny access to the malicious actor. What is the first step the security engineer should take?
A) Open the EC2 console and remove any security groups that allow inbound traffic from 0.0.0.0/0.
B) Install the AWS Systems Manager Agent on the EC2 instance and run an inventory report.
C) Install the Amazon Inspector agent on the host and run an assessment with the CVE rules package.
D) Open the IAM console and revoke all IAM sessions that are associated with the instance profile.
Correct Answer:
Verified
Correct Answer:
Verified
Q63: A company's on-premises networks are connected to
Q64: A company uses an Amazon S3 bucket
Q65: A company is using AWS Organizations to
Q66: An application is running on an Amazon
Q67: A Security Administrator is restricting the capabilities
Q69: A company uses identity federation to authenticate
Q70: A Security Engineer manages AWS Organizations for
Q71: The Development team receives an error message
Q72: A company has a VPC with several
Q73: A large corporation is creating a multi-account