A company has an AWS account that hosts a production application.

Question

A company has an AWS account that hosts a production application. The company receives an email notification that Amazon GuardDuty has detected an
Impact lAMUser/AnomalousBehavior finding in the account. A security engineer needs to run the investigation playbook for this secunty incident and must collect and analyze the information without affecting the application.
Which solution will meet these requirements MOST quickly?

Accepted Answer

B. Log in to the AWS account by using read-only credentials Review the GuardDuty finding to determine which API calls initiated the finding Use Amazon Detective to review the API calls in context.

Answer

A. Log in to the AWS account by using read-only credentials Review the GuardDuty finding for details about the 1AM credentials that were used. Use the 1AM console to add a DenyAII policy to the 1AM pnncipal.

Answer

C. Log in to the AWS account by using administrator credentials Review the GuardDuty finding for details about the 1AM credentials that were used Use the 1AM console to add a DenyAII policy to the 1AM principal.

Answer

D. Log in to the AWS account by using read-only credentials Review the GuardDuty finding to determine which API calls initiated the finding Use AWS CloudTrail Insights and AWS CloudTrail Lake to review the API calls in context.

Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Exam SCS-C02 All Questions

Amazon Web Services AWS Certified Specialty SCS-C02 Question # 37 Topic 5 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts: