Cloud Security
Junior
Q5 / 5
A GuardDuty finding shows an IAM user successfully logged in from an unusual country. What should a SOC analyst do first?
A. Ignore it - GuardDuty often generates false positives for international travel
B. Immediately delete the IAM user account to prevent further access
C. Investigate via CloudTrail for actions taken during the session, verify with the user if legitimate, and consider temporary credential revocation pending investigation
D. Shut down all EC2 instances in the account until the investigation is complete