🔥 3-day streak
AWS Certified Security - Specialty37 / 157
Question 37 of 157
A security team wants automated containment when GuardDuty reports an UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration finding indicating that EC2 instance role credentials are being used from an external IP. The finding must trigger an automated action within seconds, but the team is concerned that a single Lambda invocation might fail silently and leave credentials active. They also want the response to be auditable and to avoid deleting the IAM role, since it is shared by an Auto Scaling group of healthy instances. Which approach BEST meets these requirements?
Reviewed for accuracy · Report an issueNext question