🔥 3-day streak
AWS Certified Security - Specialty160 / 184
Question 160 of 184

A financial services company aggregates findings in AWS Security Hub across a multi-account organization. Their security team wants a fully automated response when GuardDuty raises an 'UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS' finding: the exposed IAM user's access keys must be deactivated within seconds, and an incident record must be created, all without requiring an engineer to log in. Which approach best meets these requirements while keeping the automation centralized in the security account?

Reviewed for accuracy · Report an issueNext question