🔥 3-day streak
AWS Certified Security - Specialty66 / 184
Question 66 of 184
A financial services company runs a production Amazon Aurora MySQL cluster that stores customer account data. The security team recently enabled GuardDuty RDS Protection across the organization. GuardDuty generates a finding of type 'CredentialAccess:RDS/AnomalousBehavior.SuccessfulLogin' indicating a successful login to the Aurora cluster from an unusual location using a rarely used database user. The security team needs to confirm the scope of the activity and quickly contain the potentially compromised database credential while minimizing disruption to legitimate applications. Which combination of actions BEST addresses this incident?
Reviewed for accuracy · Report an issueNext question