
Exam AWS Certified Security - Specialty topic 1 question 491 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 491
Topic #: 1

A security engineer receives an abuse report email message from the AWS Trust and Safety team. The abuse report identifies a resource that appears to be compromised. The abuse report indicates that the resource is an IAM access key that belongs to a DevOps engineer in the security engineer's company. The access key is used in a deployment system that uses AWS Lambda functions to launch AWS CloudFormation stacks.

The security engineer must address the abuse report, prevent any further use of the exposed access key, and implement security best practices.

Which solution will meet these requirements?

  • A. Locate the compromised IAM access key and deactivate or delete the key. Generate new access keys for the Lambda deployment process. Apply the new keys to the deployment system. In the account that contained the compromised key, create a new support case in AWS Support to detail these remediation steps.
  • B. Delete or deactivate the compromised IAM access key. Discontinue the use of IAM access keys. Create a new IAM role for the Lambda deployment process. Apply the IAM role to the deployment system Lambda functions. Respond directly to the abuse report message to detail these remediation steps.
  • C. Locate the compromised IAM access key. Delete the IAM user that is associated with the access key. Generate a new access key. Store the new key as an AWS Secrets Manager secret. Encrypt the secret with an AWS Key Management Service (AWS KMS) customer managed key. Update the Lambda functions to retrieve the access key from AWS Secrets Manager at runtime. In the account that contained the compromised key, create a new support case in AWS Support to detail these remediation steps.
  • D. Delete or deactivate the compromised IAM access key. Generate and store a new access key as an environmental variable within the configuration of the deployment system's Lambda functions. Respond directly to the abuse report message to detail these remediation steps.
Suggested Answer: B 🗳️

Comments

cloudenthusiast
Highly Voted 2 years ago
Selected Answer: B
By deleting or deactivating the compromised IAM access key, you immediately prevent any further use of the exposed key. Discontinuing the use of IAM access keys is a best practice as it reduces the risk of key exposure and unauthorized access. Instead, the recommended approach is to use IAM roles for granting permissions to AWS services. Creating a new IAM role specifically for the Lambda deployment process allows for fine-grained control over the permissions granted to the deployment system. By using roles, you eliminate the need for access keys altogether. Applying the IAM role to the deployment system Lambda functions ensures that the functions have the necessary permissions to perform the required actions while maintaining the principle of least privilege. Responding directly to the abuse report message with details of the remediation steps demonstrates prompt action and compliance with the report.
upvoted 7 times
OCHT
Highly Voted 2 years ago
Selected Answer: B
Firstly, it's important to immediately deactivate or delete the compromised IAM access key to prevent any further misuse. Secondly, instead of using IAM access keys, which can be compromised, it is a best practice to use IAM roles for AWS services. IAM roles are more secure and manageable than long-term access keys. Here, an IAM role should be created for the Lambda functions to carry out the deployment process.
upvoted 6 times
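The two highly voted comments above describe the same remediation: first stop the exposed key, then move the Lambda deployment functions onto an execution role so no long-term credential exists to leak again. The following is an added example (not part of this discussion thread or of any AWS documentation) showing the three pieces in Python: deactivating the reported key through the IAM API, the trust and least-privilege permission policies for the new role, and a check that the functions' configuration no longer embeds static credentials (the anti-pattern in option D). It uses a constructed in-memory stand-in for the IAM client so it runs offline; with boto3 you would pass `boto3.client("iam")` instead. The user name, access key IDs, account ID and stack prefix are constructed sample values.

```python
"""Remediate an exposed IAM access key and move a Lambda deployment to an
execution role. Added example: the IAM client is a constructed in-memory
stand-in (FakeIAM); with boto3, pass boto3.client("iam") to the same functions."""
import copy
import json

# --- Step 1: stop further use of the exposed key ---------------------------

def deactivate_exposed_key(iam, access_key_id):
    """Find the IAM user that owns access_key_id and set the key to Inactive.

    Deactivating first (rather than deleting outright) blocks every request
    signed with the key while keeping its metadata for the investigation.
    `iam` must expose the same calls as a boto3 IAM client.
    """
    owner = iam.get_access_key_last_used(AccessKeyId=access_key_id)["UserName"]
    iam.update_access_key(UserName=owner, AccessKeyId=access_key_id, Status="Inactive")
    return owner

def active_keys(iam, user_name):
    """Access key IDs that are still Active for user_name (should be none once
    the deployment runs on a role)."""
    page = iam.list_access_keys(UserName=user_name)
    return [k["AccessKeyId"] for k in page["AccessKeyMetadata"] if k["Status"] == "Active"]

def remediate(iam, exposed_key_id):
    """Deactivate the reported key; return (owner, keys still active)."""
    owner = deactivate_exposed_key(iam, exposed_key_id)
    return owner, active_keys(iam, owner)

# --- Step 2: the role the deployment Lambda functions assume instead -------

def lambda_trust_policy():
    """Trust policy: only the Lambda service may assume the execution role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "lambda.amazonaws.com"},
        "Action": "sts:AssumeRole"}]}

def deployment_policy(region, account_id, stack_prefix):
    """Least-privilege permissions for launching CloudFormation stacks, scoped
    to stack names beginning with stack_prefix. Permissions the stacks'
    resources themselves need belong on a separate CloudFormation service
    role, not on this role."""
    stack_arn = f"arn:aws:cloudformation:{region}:{account_id}:stack/{stack_prefix}*/*"
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow",
         "Action": ["cloudformation:CreateStack", "cloudformation:UpdateStack",
                    "cloudformation:DescribeStacks", "cloudformation:DescribeStackEvents"],
         "Resource": stack_arn},
        {"Effect": "Allow",
         "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
         "Resource": f"arn:aws:logs:{region}:{account_id}:*"},
    ]}

# --- Step 3: verify no static credentials remain on the functions ----------

LONG_TERM_CREDENTIAL_VARS = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"}

def embedded_credential_vars(function_config):
    """Environment variable names in a Lambda configuration (shape of
    get_function_configuration output) that carry static AWS credentials.
    An empty list means the function relies on its execution role only."""
    env = function_config.get("Environment", {}).get("Variables", {})
    return sorted(set(env) & LONG_TERM_CREDENTIAL_VARS)

# --- Constructed stand-in for the IAM API so the example runs offline -------

class FakeIAM:
    def __init__(self, keys):
        self._keys = copy.deepcopy(keys)   # AccessKeyId -> {"UserName", "Status"}
    def get_access_key_last_used(self, AccessKeyId):
        return {"UserName": self._keys[AccessKeyId]["UserName"]}
    def update_access_key(self, UserName, AccessKeyId, Status):
        assert self._keys[AccessKeyId]["UserName"] == UserName
        self._keys[AccessKeyId]["Status"] = Status
    def list_access_keys(self, UserName):
        return {"AccessKeyMetadata": [{"AccessKeyId": k, "Status": v["Status"]}
                                      for k, v in self._keys.items() if v["UserName"] == UserName]}

# Constructed sample: one DevOps user with two keys; the first is the key the
# (hypothetical) abuse report names.
SAMPLE_KEYS = {
    "AKIAEXAMPLE0000000001": {"UserName": "devops-deployer", "Status": "Active"},
    "AKIAEXAMPLE0000000002": {"UserName": "devops-deployer", "Status": "Active"},
}

if __name__ == "__main__":
    iam = FakeIAM(SAMPLE_KEYS)
    owner, remaining = remediate(iam, "AKIAEXAMPLE0000000001")
    print(f"deactivated key of {owner}; keys still active: {remaining}")
    print(json.dumps(deployment_policy("us-east-1", "123456789012", "deploy-"), indent=2))
    leaky = {"Environment": {"Variables": {"AWS_ACCESS_KEY_ID": "AKIA...", "STAGE": "prod"}}}
    print("static credentials found in env:", embedded_credential_vars(leaky))
```

The second key is left active on purpose: the point of option B is that once the functions run on the role, every remaining key of that user is a candidate for deletion, and `active_keys` is the list to work through. Scoping `deployment_policy` to a stack-name prefix is what makes the role fine-grained; granting `cloudformation:*` on `*` would reproduce the blast radius of the leaked key.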
Noexperience
Most Recent 1 year, 9 months ago
Selected Answer: A
A. Locate the compromised IAM access key and deactivate or delete the key. Generate new access keys for the Lambda deployment process. Apply the new keys to the deployment system. In the account that contained the compromised key, create a new support case in AWS Support to detail these remediation steps.
upvoted 1 times
6_8ftwin
1 year, 11 months ago
Selected Answer: B
IAM roles are best practice instead of long term access keys: https://docs.aws.amazon.com/accounts/latest/reference/credentials-access-keys-best-practices.html#use-roles
upvoted 4 times
p4v10
2 years ago
Selected Answer: B
B is correct
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other