🔥 3-day streak
AWS Certified DevOps Engineer - Professional168 / 204
Question 168 of 204
A financial services company runs a fleet of EC2 instances with attached IAM roles. The security team wants fully automated remediation whenever GuardDuty detects a finding of type 'UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS', which indicates that instance role credentials are being used from an external IP address. The remediation must immediately isolate the compromised instance and revoke the leaked temporary credentials so the attacker cannot continue using them, all without human intervention. Which approach meets these requirements?
Reviewed for accuracy · Report an issueNext question