AWS Certified Security – Specialty — Question 450
A company's security administrator receives an AWS Abuse notification that an IAM user's access key might be compromised. A legacy application uses the IAM user. The security administrator must remediate the potential compromise with the least possible downtime to the application.
Which solution will meet these requirements?
Answer options
- A. Delete the IAM user's access key immediately. Create a new access key to update in the legacy application.
- B. Create a new access key for the IAM user. Update the latest application version to use the new access key. Deactivate the compromised access key.
- C. Attach an IAM policy to revoke all sessions from before the time of the AWS Abuse notification.
- D. Update the legacy application to use an IAM role that has the same permissions as the IAM user.
Correct answer: B
Explanation
Creating a new access key and updating the legacy application before deactivating the old one keeps the application operational throughout the key rotation, minimizing downtime; deactivating (rather than deleting) the compromised key also leaves it recoverable if the cutover fails. Deleting the key first would cause an immediate application failure, while migrating a legacy application to an IAM role might require extensive code changes and testing, leading to significant delays and potential downtime.