
In a scenario where a company's AWS account, which hosts a production application, receives an email notification about an Amazon GuardDuty finding indicating anomalous behavior by an IAM user (Impact:IAMUser/AnomalousBehavior), a security engineer is tasked with investigating this security incident. The investigation must be conducted without causing any disruption to the production application. Which of the following solutions would be the most efficient in terms of time to fulfill these investigation requirements?
A. Access the AWS account with read-only credentials, examine the details of the GuardDuty finding related to the IAM credentials, and apply a DenyAll policy to the IAM principal via the IAM console.
B. Access the AWS account with read-only credentials, analyze the GuardDuty finding to pinpoint the API calls that triggered the alert, and utilize Amazon Detective to conduct a contextual review of these API calls.
C. Access the AWS account with administrator credentials, inspect the details of the GuardDuty finding concerning the IAM credentials, and apply a DenyAll policy to the IAM principal through the IAM console.
D. Access the AWS account with read-only credentials, identify the API calls from the GuardDuty finding that led to the alert, and employ AWS CloudTrail Insights and AWS CloudTrail Lake for a contextual analysis of these API calls.