🔥 3-day streak
AWS Certified Security - Specialty72 / 157
Question 72 of 157

A financial services company has documented incident-response runbooks for handling compromised EC2 credentials, but during a recent real incident the on-call team discovered that the isolation Lambda function lacked the IAM permissions to modify security groups, delaying containment by several hours. The security lead wants to prevent this class of failure and ensure the response team is confident executing the plan. Which approach BEST addresses this gap as part of a mature incident-response program?

Reviewed for accuracy · Report an issueNext question