incident-response-trainer
Mock scenarios · Rule-based grading
Cloud Infrastructure · hard · Leaked Cloud Access Key · Critical asset
Scenario

Static access key leaked and used from an anomalous location

A hard Cloud Infrastructure scenario on Leaked Cloud Access Key.

Practice this scenario

Start a graded attempt against this scenario. Your response is scored by the same deterministic rubric used across the catalog. Email and evidence content stay hidden until you start.

Launches this exact scenario. One of 2 templates in this Track + Difficulty pool.

catalog id · cloud-leaked-cloud-access-key

Training alignment

What this scenario practices, mapped to recognized frameworks.

Educational mapping only. Not a compliance attestation.

What this trains
  • Revoke and rotate a leaked cloud access key
  • Scope blast radius and move to short-lived credentials
MITRE ATT&CK · mitre-attack
  • Valid Accounts: Cloud Accounts · Initial Access · T1078.004 · TA0001
    Mapped · High confidence

    Trains response to a leaked long-lived access key used from an anomalous location.

MITRE D3FEND · mitre-d3fend
  • User Account Containment · D3-UAC
    Mapped · High confidence

    Trains revoking and rotating the leaked key and invalidating sessions.

  • Multi-factor Authentication · D3-MFA
    Mapped · Medium confidence

    Trains moving toward short-lived, stronger credentials after rotation.

  • User Account Permissions · D3-UAP
    Mapped · Medium confidence

    Trains confirming that least privilege limited what the key could reach.

NIST CSF 2.0 · nist-csf-2
  • Identity Management, Authentication, and Access Control · Protect · PR.AA · PR
    Mapped · High confidence

    Trains credential-control response when a key is exposed and misused.

  • Continuous Monitoring · Detect · DE.CM · DE
    Mapped · High confidence

    Trains detection from anomalous-region credential use in the audit log.

NIST SP 800-61r3 · nist-sp-800-61r3
  • IR lifecycle phase · Containment, Eradication & Recovery
    Mapped · High confidence

    Trains revoke-rotate-and-review as the immediate containment of a live key.

  • IR lifecycle phase · Detection & Analysis
    Mapped · High confidence

    Trains scoping exactly what the key read and what it was denied.

CISA Cybersecurity Performance Goals · cisa-cpg
  • Detecting Relevant Threats and TTPs · 3.A
    Mapped · High confidence

    Trains the detection baseline that flags anomalous credential use.

  • Phishing-Resistant MFA · 2.E
    Partial · Low confidence

    Trains the move toward stronger, short-lived credentials over static keys.

CIS Controls v8 · cis-controls
  • Account Management · Control 5
    Mapped · High confidence

    Trains the credential-lifecycle control a never-rotated key violated.

  • Access Control Management · Control 6
    Mapped · Medium confidence

    Trains the access-control review of what the identity could reach.