AWS Certified Security – Specialty (SCS-C03) — Question 18

A development team is creating an open source toolset to manage a company's software as a service (SaaS) application. The company stores the code in a public repository so that anyone can view and download the toolset's code.
The company discovers that the code contains an IAM access key and secret key that provide access to internal resources in the company’s AWS environment
A security engineer must implement a solution to identify whether unauthorized usage of the exposed credentials has occurred. The solution also must prevent any additional usage of the exposed credentials.
Which combination of steps will meet these requirements? (Choose two.)

Answer options

• A. Use AWS Identity and Access Management Access Analyzer to determine which resources the exposed credentials accessed and who used them.
• B. Deactivate the exposed IAM access key from the user’s IAM account.
• C. Create a rule in Amazon GuardDuty to block the access key in the source code from being used.
• D. Create a new IAM access key and secret key for the user whose credentials were exposed.
• E. Generate an IAM credential report. Check the report to determine when the user that owns the access key last logged in.

Correct answer: B, E

Explanation

The correct steps are B and E. Deactivating the exposed IAM access key (B) prevents any further unauthorized access to internal resources. Generating an IAM credential report (E) helps determine the last login time of the user, which can indicate whether the credentials were misused. Options A, C, and D do not directly address the immediate need to deactivate the exposed credentials or verify their usage effectively.