🔥 3-day streak
AWS Certified Security - Specialty61 / 184
Question 61 of 184
A security engineer receives a GuardDuty finding of type UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS. The finding indicates that credentials from an EC2 instance's IAM role were used from an IP address outside AWS. The instance itself is still running normally and serving production traffic, and the team cannot immediately terminate or isolate it without causing an outage. What is the MOST effective immediate containment action to stop the attacker from continuing to use the stolen credentials?
Reviewed for accuracy · Report an issueNext question