
Answer-first summary for fast verification
Answer: Configure a CodeCommit trigger to invoke an AWS Lambda function to scan new code submissions for credentials. If credentials are found, disable them in AWS IAM and notify the user.
Answer D provides a solution that is both immediate and automated, addressing the security concern directly where the issue originates: in the code repository. By configuring a CodeCommit trigger to invoke a Lambda function whenever new code is committed:

1. **Proactive Detection**: It allows for proactive scanning of new code submissions for IAM user credentials, ensuring that these vulnerabilities are caught as early as possible, before they can propagate further or be exploited.
2. **Automated Remediation**: If credentials are found, the Lambda function can automatically take steps to disable them within AWS IAM. This automated response ensures that the risk is mitigated quickly without requiring manual intervention.
3. **Notification**: Notifying the user ensures that the development team is aware of the issue, which can help reinforce best practices and prevent future occurrences. Having a feedback loop is crucial for continuous improvement in security posture.

Overall, this solution addresses the issue comprehensively by detecting, remediating, and educating, all through automated processes that can scale with the number of code submissions, making it particularly suitable for dynamic development environments.
Author: LeetQuiz Editorial Team
During an audit, a Security team discovered that a development team was putting IAM user secret access keys in their code and then committing it to an AWS CodeCommit repository. The Security team wants to automatically find and remediate instances of this security vulnerability. Which solution will ensure that the credentials are appropriately secured automatically?
A
Run a script nightly using AWS Systems Manager Run Command to search for credentials on the development instances. If found, use AWS Secrets Manager to rotate the credentials.
B
Use a scheduled AWS Lambda function to download and scan the application code from CodeCommit. If credentials are found, generate new credentials and store them in AWS KMS.
C
Configure Amazon Macie to scan for credentials in CodeCommit repositories. If credentials are found, trigger an AWS Lambda function to disable the credentials and notify the user.
D
Configure a CodeCommit trigger to invoke an AWS Lambda function to scan new code submissions for credentials. If credentials are found, disable them in AWS IAM and notify the user.