🔥 3-day streak
AWS Certified Security - Specialty53 / 184
Question 53 of 184
A security analyst receives a GuardDuty finding indicating unusual API activity from an IAM role in a production account. Before deciding on containment, the analyst needs to understand whether this role's behavior deviates from its historical baseline over the past 45 days and which resources it has interacted with. The company already has GuardDuty, Security Hub, and Amazon Detective enabled across the organization. Which approach lets the analyst most efficiently establish this behavioral context?
Reviewed for accuracy · Report an issueNext question