AWS Certified Security – Specialty (SCS-C02) — Question 70
A company uses AWS Signer with all of the company's AWS Lambda functions. A developer recently stopped working for the company. The company wants to ensure that all the code that the developer wrote can no longer be deployed to the Lambda functions.
Which solution will meet this requirement?
Answer options
- A. Revoke all versions of the signing profile assigned to the developer.
- B. Examine the developer's IAM roles. Remove all permissions that grant access to Signer.
- C. Re-encrypt all source code with a new AWS Key Management Service (AWS KMS) key.
- D. Use Amazon CodeGuru to profile all the code that the Lambda functions use.
Correct answer: A
Explanation
The correct answer is A: revoking all versions of the signing profile assigned to the developer ensures that none of the code signed with that profile can be deployed. Option B does not effectively prevent deployment: removing Signer permissions from the developer's IAM roles leaves code that is already signed untouched, and IAM roles can still be misused. Option C, while it improves security, does not address the actual requirement, which is to prevent deployment of code that is already signed. Option D is unrelated, because it focuses on profiling code rather than preventing its deployment.