A company’s security engineer is investigating an Amazon GuardDuty finding for unusual activity for an IAM role. The AWS account has AWS Single Sign-On configured with federation with the company’s on-premises Active Directory domain controller. The security engineer determines that the root cause of the finding is a compromised Active Directory identity on premises. Multiple production workloads are using the IAM role on AWS. The security engineer must mitigate the unauthorized use of the IAM role while minimizing production workload downtime on AWS. Which combination of actions should the security engineer take to meet these requirements? (Choose two.)

Topic #: - All AWS Certified Security - Specialty Questions

A. Inactivate the IAM role’s access key. Issue a new IAM access key,
B. Revoke access for the identity in the on-premises Active Directory. Most Voted
C. Attach an IAM policy to the IAM role to deny all access to any AWS Security Token Service (AWS STS) tokens that were issued prior to the current time. Most Voted
D. Attach an IAM policy to the IAM role to deny access to the federated Active Directory identity’s ARN.
E. Remove the IAM role’s login profile to restrict use of the AWS Management Console.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Reference Material:

Suggested Answer:

Reference Material:

Share this post

Join the Discussion