
Answer-first summary for fast verification
Answer: Access the AWS account with read-only credentials, analyze the GuardDuty finding to pinpoint the API calls that triggered the alert, and use Amazon Detective to conduct a contextual review of those API calls.
The correct answer is B. Log in with read-only credentials, read the GuardDuty finding to identify the IAM user, access key, API calls and source IP that produced it, then open the same principal in Amazon Detective to see those calls in context. Detective builds its behavior graph from CloudTrail management events, VPC Flow Logs and GuardDuty findings, so it can show at a glance whether the API calls, source IP, user agent and call volume are new for that user or part of its established baseline. Read-only access guarantees the investigation itself changes nothing in the production account. Options A and C are containment, not investigation: attaching a DenyAll policy to the principal is a change, and if the production application runs under those IAM credentials it stops the application outright, which the question rules out. Option D also uses read-only access, but CloudTrail Insights only flags unusual API call volumes and error rates, and CloudTrail Lake requires an event data store plus ad hoc SQL queries, so it is slower to reach the same contextual view that Detective already prepares. One caveat a practitioner should check first: Detective only has data from the time it was enabled, so it must already have been running in the account (or the delegated administrator's organization) before the anomalous activity for this approach to work.
Author: LeetQuiz Editorial Team
In a scenario where a company's AWS account, which hosts a production application, receives an email notification about an Amazon GuardDuty finding indicating anomalous behavior by an IAM user (Impact:IAMUser/AnomalousBehavior), a security engineer is tasked with investigating this security incident. The investigation must be conducted without causing any disruption to the production application. Which of the following solutions would be the most efficient in terms of time to fulfill these investigation requirements?
A
Access the AWS account with read-only credentials, examine the details of the GuardDuty finding related to the IAM credentials, and apply a DenyAll policy to the IAM principal via the IAM console.
B
Access the AWS account with read-only credentials, analyze the GuardDuty finding to pinpoint the API calls that triggered the alert, and utilize Amazon Detective to conduct a contextual review of these API calls.
C
Access the AWS account with administrator credentials, inspect the details of the GuardDuty finding concerning the IAM credentials, and implement a DenyAll policy to the IAM principal through the IAM console.
D
Access the AWS account with read-only credentials, identify the API calls from the GuardDuty finding that led to the alert, and employ AWS CloudTrail Insights and AWS CloudTrail Lake for a contextual analysis of these API calls.
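The following is an added, runnable example (not part of the original question or any AWS code) of the read-only triage that option B describes: parse the GuardDuty finding to get the principal, access key, API and source IP that triggered it, derive the time window to pivot on, and separate the user's mutating calls from its read-only ones. The finding and CloudTrail events below are constructed samples shaped like the boto3 `guardduty.get_findings()` and `cloudtrail.lookup_events()` responses; the account ID, access key ID, user name and IP addresses are placeholders. The only AWS calls implied are read-only (`lookup_events`), and none are made here, so the block runs offline.

```python
"""Offline triage of a GuardDuty Impact:IAMUser/AnomalousBehavior finding (added example)."""
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape boto3 guardduty.get_findings() returns.
SAMPLE_FINDING = {
    "Id": "00000000000000000000000000000000",
    "Type": "Impact:IAMUser/AnomalousBehavior",
    "AccountId": "111122223333",          # placeholder account
    "Region": "us-east-1",
    "Severity": 5,
    "Resource": {
        "ResourceType": "AccessKey",
        "AccessKeyDetails": {
            "AccessKeyId": "AKIAIOSFODNN7EXAMPLE",   # placeholder key
            "PrincipalId": "AIDAEXAMPLEPRINCIPAL",
            "UserName": "deploy-user",
            "UserType": "IAMUser",
        },
    },
    "Service": {
        "ServiceName": "guardduty",
        "Action": {
            "ActionType": "AWS_API_CALL",
            "AwsApiCallAction": {
                "Api": "DeleteBucket",
                "ServiceName": "s3.amazonaws.com",
                "CallerType": "Remote IP",
                "RemoteIpDetails": {"IpAddressV4": "198.51.100.24"},  # documentation range
            },
        },
        "EventFirstSeen": "2024-05-01T10:02:11.000Z",
        "EventLastSeen": "2024-05-01T10:41:53.000Z",
        "Count": 7,
    },
}


def _parse_ts(value):
    """GuardDuty timestamps are ISO 8601 with milliseconds and a trailing Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def summarize_finding(finding):
    """Pull out who, what, from where and when: the pivots for CloudTrail and Detective."""
    action = finding["Service"]["Action"]
    if action["ActionType"] != "AWS_API_CALL":
        raise ValueError("expected an API-call finding, got %s" % action["ActionType"])
    key = finding["Resource"]["AccessKeyDetails"]
    call = action["AwsApiCallAction"]
    return {
        "type": finding["Type"],
        "user_name": key["UserName"],
        "access_key_id": key["AccessKeyId"],
        "api": call["Api"],
        "service": call["ServiceName"],
        "remote_ip": call.get("RemoteIpDetails", {}).get("IpAddressV4"),
        "first_seen": _parse_ts(finding["Service"]["EventFirstSeen"]),
        "last_seen": _parse_ts(finding["Service"]["EventLastSeen"]),
        "count": finding["Service"]["Count"],
    }


def cloudtrail_lookup_params(summary, pad_minutes=60):
    """Read-only cloudtrail.lookup_events() kwargs padded around the finding window.

    lookup_events accepts one LookupAttribute per call; AccessKeyId is a supported key
    and is more precise than Username when a user has several keys.
    """
    return {
        "LookupAttributes": [
            {"AttributeKey": "AccessKeyId", "AttributeValue": summary["access_key_id"]}
        ],
        "StartTime": summary["first_seen"] - timedelta(minutes=pad_minutes),
        "EndTime": summary["last_seen"] + timedelta(minutes=pad_minutes),
    }


def _event(name, read_only, ip, error=None):
    # lookup_events returns each record with its raw JSON in the CloudTrailEvent string.
    body = {"eventName": name, "readOnly": read_only, "sourceIPAddress": ip,
            "userAgent": "aws-cli/2.15.0"}
    if error:
        body["errorCode"] = error
    return {"EventName": name, "CloudTrailEvent": json.dumps(body)}


# Constructed sample of what lookup_events might return for that key in the window.
SAMPLE_EVENTS = [
    _event("ListBuckets", True, "203.0.113.5"),
    _event("DeleteBucket", False, "198.51.100.24"),
    _event("PutBucketPolicy", False, "198.51.100.24", error="AccessDenied"),
    _event("GetCallerIdentity", True, "198.51.100.24"),
    _event("PutObject", False, "203.0.113.5"),   # the app's usual deploy traffic
]


def triage_events(events, summary):
    """Keep only mutating calls and flag the ones made from the finding's source IP."""
    mutating = []
    for ev in events:
        body = json.loads(ev["CloudTrailEvent"])
        if body.get("readOnly", False):
            continue   # read-only calls are noise for an Impact finding
        mutating.append({
            "event": body["eventName"],
            "source_ip": body.get("sourceIPAddress"),
            "from_finding_ip": body.get("sourceIPAddress") == summary["remote_ip"],
            "error": body.get("errorCode"),
        })
    return mutating


if __name__ == "__main__":
    s = summarize_finding(SAMPLE_FINDING)
    print(json.dumps({k: str(v) for k, v in s.items()}, indent=2))
    print(cloudtrail_lookup_params(s))
    for row in triage_events(SAMPLE_EVENTS, s):
        print(row)
```

The same first-seen/last-seen window, widened by the padding, is the scope time to set when opening the user's profile in Amazon Detective, which then shows whether `198.51.100.24`, the user agent and the call volume are new for `deploy-user`. Note that `PutObject` from `203.0.113.5` is mutating but does not come from the finding's IP, which is the kind of distinction that tells an investigator what is normal application traffic and what belongs to the incident before any containment change is made.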