🔥 3-day streak
AWS Certified Security - Specialty111 / 157
Question 111 of 157
During an incident, a security team confirms that an attacker used stolen credentials to copy sensitive objects from a production S3 bucket to an external AWS account over several hours. CloudTrail data events captured the GetObject calls. The compromised IAM user's keys have already been deactivated. The team now needs to eradicate the ongoing exfiltration path and prevent any further cross-account copying while forensic analysis continues, without deleting the affected objects. Which action most directly stops continued data movement out of the bucket?
Reviewed for accuracy · Report an issueNext question