1. Home
  2. Discussions
  3. Amazon Web Services
  4. AWS Certified Specialty
  5. SCS-C02 Discussions
  6. SCS-C02 Exam Topic 13 Question 126 Discussion

Amazon Web Services AWS Certified Security - Specialty SCS-C02 Question # 126 Topic 13 Discussion

 Amazon Web Services Discussions      Browse All Questions      Go to Exam Detail      Get Premium Access
 Previous

Amazon Web Services AWS Certified Security - Specialty SCS-C02 Question # 126 Topic 13 Discussion

SCS-C02 Exam Topic 13 Question 126 Discussion:
Question #: 126
Topic #: 13

A company has an AWS account that hosts a production application. The company receives an email notification that Amazon GuardDuty has detected an

Impact lAMUser/AnomalousBehavior finding in the account. A security engineer needs to run the investigation playbook for this secunty incident and must collect and analyze the information without affecting the application.

Which solution will meet these requirements MOST quickly?
A.

Log in to the AWS account by using read-only credentials Review the GuardDuty finding for details about the 1AM credentials that were used. Use the 1AM console to add a DenyAII policy to the 1AM pnncipal.

B.

Log in to the AWS account by using read-only credentials Review the GuardDuty finding to determine which API calls initiated the finding Use Amazon Detective to review the API calls in context.

C.

Log in to the AWS account by using administrator credentials Review the GuardDuty finding for details about the 1AM credentials that were used Use the 1AM console to add a DenyAII policy to the 1AM principal.

D.

Log in to the AWS account by using read-only credentials Review the GuardDuty finding to determine which API calls initiated the finding Use AWS CloudTrail Insights and AWS CloudTrail Lake to review the API calls in context.

Get Premium SCS-C02 Questions
Actual exam question for Amazon Web Services SCS-C02 exam by Zane5984 at Aug 3, 2025, 12:00:00 AM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit
 Previous