A security engineer received an Amazon GuardDuty alert indicating a finding involving the Amazon EC2 instance that hosts the company's primary website. The GuardDuty finding received read: UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration. The security engineer confirmed that a malicious actor used API access keys intended for the EC2 instance from a country where the company does not operate. The security engineer needs to deny access to the malicious actor. What is the first step the security engineer should take?
A) Open the EC2 console and remove any security groups that allow inbound traffic from 0.0.0.0/0.
B) Install the AWS Systems Manager Agent on the EC2 instance and run an inventory report.
C) Install the Amazon Inspector agent on the host and run an assessment with the CVE rules package.
D) Open the IAM console and revoke all IAM sessions that are associated with the instance profile.
Correct Answer:
Verified
Q167: A company plans to use custom AMIs
Q168: A Security Engineer accidentally deleted the imported
Q169: A company requires that SSH commands used
Q170: A company wants to encrypt the private
Q171: A Security Engineer is asked to update
Q173: A company has decided to use encryption
Q174: A security engineer is setting up a
Q175: A Security Engineer creates an Amazon S3
Q176: Authorized Administrators are unable to connect to
Q177: A company's Security Engineer is copying all
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents