SCS-C03 · Question #147
SCS-C03 Question #147: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C03 to reveal the answer and full explanation for question #147. The question stem and answer options stay visible for context.
Question
A security engineer for a company needs to design an incident response plan that addresses compromised IAM user account credentials. The company uses an organization in AWS Organizations and AWS IAM Identity Center to manage user access. The company uses a delegated administrator account to implement AWS Security Hub. The delegated administrator account contains an organizational trail in AWS CloudTrail that logs all events to an Amazon S3 bucket. The company has also configured an organizational event data store that captures all events from the trail. The incident response plan must provide steps that the security engineer can take to immediately disable any compromised IAM user when the security engineer receives a notification of a security incident. The plan must prevent the IAM user from being used in any AWS account. The plan must also collect all AWS actions that the compromised IAM user performed across all accounts in the previous 7 days. Which solution will meet these requirements?
Options
- ADisable the compromised IAM user in the organization management account. Use Amazon
- BRemove all IAM policies that are attached to the IAM user in the organization management
- CRemove any permission sets that are assigned to the IAM user in IAM Identity Center. Use
- DDisable the IAM user's access in IAM Identity Center. Use AWS CloudTrail to query the
Unlock SCS-C03 to see the answer
You've previewed enough free SCS-C03 questions. Unlock SCS-C03 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.