AWS Certified Security – Specialty (SCS-C02) — Question 118

A development team is creating an open source toolset to manage a company's software as a service (SaaS) application. The company stores the code in a public repository so that anyone can view and download the toolset's code.

The company discovers that the code contains an IAM access key and secret key that provide access to internal resources in the company’s AWS environment

A security engineer must implement a solution to identify whether unauthorized usage of the exposed credentials has occurred. The solution also must prevent any additional usage of the exposed credentials.

Which combination of steps will meet these requirements? (Choose two.)

Answer options

• A. Use AWS Identity and Access Management Access Analyzer to determine which resources the exposed credentials accessed and who used them.
• B. Deactivate the exposed IAM access key from the user’s IAM account.
• C. Create a rule in Amazon GuardDuty to block the access key in the source code from being used.
• D. Create a new IAM access key and secret key for the user whose credentials were exposed.
• E. Generate an IAM credential report. Check the report to determine when the user that owns the access key last logged in.

Correct answer: A, B

Explanation

Option A is correct because AWS Identity and Access Management Access Analyzer can help identify which resources were accessed using the exposed credentials and by whom, allowing for auditing of unauthorized usage. Option B is also correct as deactivating the exposed IAM access key will prevent any further use of those credentials. The other options do not directly address the immediate need to assess usage or stop the compromised credentials from being used.