KT-IAS Privilege escalation

A junior analyst discovers they can add themselves to a cloud admin group via a misconfigured automation role. What is the BEST remediation sequence?

Multiple choice — select one answer

Answer choices

  1. a. Remove excessive permissions from the role, audit CloudTrail for prior abuse, and enforce least privilege on CI pipelines
  2. b. Delete all automation in the environment, using shared credentials instead of individual accountability.
  3. c. Promote the analyst to admin so they can monitor themselves, without security or identity team coordination per policy.
  4. d. Publish the role ARN in the team chat for transparency, without security or identity team coordination per policy.

Architectural breakdown & explanation

Fix the permission path, then determine if the flaw was exploited; CI roles are a common escalation vector.

Correct answer(s): a. Remove excessive permissions from the role, audit CloudTrail for prior abuse, and enforce least privilege on CI pipelines

Exam domain: Privilege escalation (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Identity & Access Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.