A security engineer receives an abuse report email message from the AWS Trust and Safety team. The abuse report identifies a resource that appears to be compromised. The abuse report indicates that the resource is an IAM access key that belongs to a DevOps engineer in the security engineer's company. The access key is used in a deployment system that uses AWS Lambda functions to launch AWS CloudFormation stacks. The…

Admin Staff asked 4 months ago
A security engineer receives an abuse report email message from the AWS Trust and Safety team. The abuse report identifies a resource that appears to be compromised. The abuse report indicates that the resource is an IAM access key that belongs to a DevOps engineer in the security engineer's company. The access key is used in a deployment system that uses AWS Lambda functions to launch AWS CloudFormation stacks.
The security engineer must address the abuse report, prevent any further use of the exposed access key, and implement security best practices.
Which solution will meet these requirements?

A. Locate the compromised IAM access key and deactivate or delete the key. Generate new access keys for the Lambda deployment process. Apply the new keys to the deployment system. In the account that contained the compromised key, create a new support case in AWS Support to detail these remediation steps.

B. Delete or deactivate the compromised IAM access key. Discontinue the use of IAM access keys. Create a new IAM role for the Lambda deployment process. Apply the IAM role to the deployment system Lambda functions. Respond directly to the abuse report message to detail these remediation steps.

C. Locate the compromised IAM access key. Delete the IAM user that is associated with the access key. Generate a new access key. Store the new key as an AWS Secrets Manager secret. Encrypt the secret with an AWS Key Management Service (AWS KMS) customer managed key. Update the Lambda functions to retrieve the access key from AWS Secrets Manager at runtime. In the account that contained the compromised key, create a new support case in AWS Support to detail these remediation steps.

D. Delete or deactivate the compromised IAM access key. Generate and store a new access key as an environmental variable within the configuration of the deployment system's Lambda functions. Respond directly to the abuse report message to detail these remediation steps.


Suggested Answer: D

Community Answer: B




This question is from the SCS-C01 AWS Certified Security – Specialty exam, which is taken to earn the AWS Certified Security – Specialty certificate.


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.