Practice free →
HomeAWS Securitycloudcomputingscsthreatresponse › After detecting that a long-lived IAM access key…

After detecting that a long-lived IAM access key has been leaked publicly, which response is the CORRECT order under SCS-C02 §1.3?

ADelete the key immediately with no replacement (production outage)
BDisable CloudTrail to hide the leak
CTell the engineer to be more careful next time
DDeactivate the key → rotate (create new + update consumers) → delete the old key after verification
Answer & Solution
Correct answer: D. Deactivate the key → rotate (create new + update consumers) → delete the old key after verification
Deactivate → rotate → verify → delete is the canonical leaked-key playbook (per SCS-C02 §1.1, §1.3). The other options either cause outages or hide incidents.
Solve this in the app — AWS Security practice & 24k+ MCQs →
Related questions