Free CrowdStrike CCCS-203b Actual Exam Questions - Question 5 Discussion
you notice a rule that detects misconfigured IAM roles in your AWS environment. What action should you configure for this rule to prevent unauthorized access effectively?
Option A could work as a safer first step by monitoring misconfigured roles without taking any immediate action. This way, you get visibility and can assess the severity before deciding on further steps. Auto-remediation (C) seems too aggressive since deleting roles might break legitimate access. B sounds good in theory but probably can’t be enforced automatically through the policy. So, setting it to monitor first makes sense to gather data and avoid unnecessary disruptions.
B/D? Adding least-privilege conditions sounds ideal but might not be enforceable automatically, so alerting the team (D) ensures quick human response without risky auto-changes.
D, since auto-remediation might be risky without manual review.
Maybe D is better since immediate alerts let the security team react fast, whereas B might not be something you can enforce automatically within the rule itself.
Maybe D makes the most sense here because you want to be alerted immediately when there's a misconfigured IAM role, so the security team can step in and fix it before any damage happens. Auto-remediation like in C might be too aggressive and could break something if it deletes roles without proper checks. B sounds good for prevention but might not catch existing misconfigurations quickly. So alerting strikes a good balance between visibility and control.
Good point, but B is more proactive by enforcing least-privilege roles upfront.
B/D? I get why alerting (D) is good to catch issues without messing things up automatically, but adding a condition (B) to enforce least-privilege policies feels more proactive. It prevents misconfigurations in the first place rather than just reacting. Deleting roles right away (C) could break stuff if done blindly, and just monitoring (A) doesn’t actually stop unauthorized access. So, tweaking the rule to require least-privilege might be the safest way to improve compliance and security at the same time.
I’m leaning towards D here since setting it to alert would notify the team to investigate potential unauthorized access without risking accidental deletions or changes. Auto-remediation (C) seems risky if it deletes roles immediately. What do you think?