🔥 3-day streak
AWS Certified Security - Specialty67 / 157
Question 67 of 157

During an incident, a security analyst discovers that temporary credentials issued by an IAM role (used by a fleet of EC2 instances) were exfiltrated and are being used from an external IP to make API calls. The analyst has already identified the role. To immediately contain the threat and invalidate all currently active temporary sessions issued by this role — including those already handed out — while allowing legitimate instances to obtain new credentials after remediation, which action is MOST effective?

Reviewed for accuracy · Report an issueNext question