SCS-C02 · Question #199
SCS-C02 Question #199: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #199. The question stem and answer options stay visible for context.
Question
A company suspects that an attacker has exploited an overly permissive role to export credentials from Amazon EC2 instance metadata. The company uses Amazon GuardDuty and AWS Audit Manager. The company has enabled AWS CloudTrail logging and Amazon CloudWatch logging for all of its AWS accounts. A security engineer must determine if the credentials were used to access the company's resources from an external account. Which solution will provide this information?
Options
- AReview GuardDuty findings to find InstanceCredentialExfiltration events.
- BReview assessment reports in the Audit Manager console to find InstanceCredentialExfiltration
- CReview CloudTrail logs for GetSessionToken API calls to AWS Security Token Service (AWS
- DReview CloudWatch logs for GetSessionToken API calls to AWS Security Token Service (AWS
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.