SCS-C03 Question #54: Real Exam Question with Answer & Explanation

Sign in or unlock SCS-C03 to reveal the answer and full explanation for question #54. The question stem and answer options stay visible for context.

Submitted by jakub_pl· Mar 6, 2026Incident Response

Question

A company's security engineer receives an abuse notification from AWS indicating that malware is being hosted from the company's AWS account. The security engineer discovers that an IAM user created a new Amazon S3 bucket without authorization. Which combination of steps should the security engineer take to MINIMIZE the consequences of this compromise? (Select THREE.)

Options

AEncrypt all AWS CloudTrail logs.
BTurn on Amazon GuardDuty.
CChange the password for all IAM users.
DRotate or delete all AWS access keys.
ETake snapshots of all Amazon Elastic Block Store (Amazon EBS) volumes.
FDelete any resources that are unrecognized or unauthorized.

Unlock SCS-C03 to see the answer

You've previewed enough free SCS-C03 questions. Unlock SCS-C03 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock SCS-C03 - $49.99 / 30 days Sign in

Topics

#Incident Response#Compromise Remediation#IAM Security#Threat Detection

Full SCS-C03 Practice Browse All SCS-C03 Questions