A company’s security engineer receives an abuse notification from AWS.The notification indicates that someone is hosting malware from the company’s AWS account.After investigation, the security engineer finds a new Amazon S3 bucket that an IAM user created without authorization.
Which combination of steps should the security engineer take to MINIMIZE the consequences of this compromise?
(Choose three.)
Encrypt all AWS CloudTrail logs.
Turn on Amazon GuardDuty.
Change the password for all IAM users.
Rotate or delete all AWS access keys.
Take snapshots of all Amazon Elastic Block Store (Amazon EBS) volumes.
Delete any resources that are unrecognized or unauthorized.
I have a feeling that the answer is:
Change the password for all IAM users.