incident-response-trainer
Mock scenarios · Rule-based grading
Cloud Infrastructure · medium · Over-Permissive IAM Role · High asset
Scenario

IAM role grants wildcard permissions far beyond its workload

A medium-difficulty Cloud Infrastructure scenario on an over-permissive IAM role.

Practice this scenario

Start a graded attempt against this scenario. Your response is scored by the same deterministic rubric used across the catalog. Email and evidence content stay hidden until you start.

Launches this exact scenario. One of 2 templates in this Track + Difficulty pool.

catalog id · cloud-overpermissive-iam-role

Training alignment

What this scenario practices, mapped to recognized frameworks.

Educational mapping only. Not a compliance attestation.

What this trains
  • Least-privilege IAM remediation from observed usage
  • Reduce standing blast radius without breaking workloads
MITRE ATT&CK (mitre-attack)
  • Valid Accounts: Cloud Accounts · Privilege Escalation (T1078.004 · TA0004)
    Partial · Medium confidence

    Trains reasoning about the blast radius a wildcard cloud identity would grant if it were ever compromised.

MITRE D3FEND (mitre-d3fend)
  • User Account Permissions (D3-UAP)
    Mapped · High confidence

    Trains scoping the role to least privilege from observed usage.

  • Resource Access Policy Auditing (D3-RAPA)
    Mapped · Medium confidence

    Trains auditing the policy and trust relationships of the role.

NIST CSF 2.0 (nist-csf-2)
  • Identity Management, Authentication, and Access Control · Protect (PR.AA · PR)
    Mapped · High confidence

    Trains least-privilege access control for service identities.

  • Roles, Responsibilities, and Authorities · Govern (GV.RR · GV)
    Mapped · Medium confidence

    Trains governance of standing privilege through periodic access review.

NIST SP 800-61r3 (nist-sp-800-61r3)
  • IR lifecycle phase: Detection & Analysis
    Mapped · High confidence

    Trains using audit-log last-used data to derive the minimal needed policy.

  • IR lifecycle phase: Post-Incident Activity
    Mapped · Medium confidence

    Trains periodic access review and guardrails so wildcard roles do not recur.

CISA Cybersecurity Performance Goals (cisa-cpg)
  • Phishing-Resistant MFA (2.E)
    Partial · Low confidence

    Trains the identity-assurance baseline that complements scoping role assumption.

  • Detection of Unsuccessful (Automated) Login Attempts (2.Q)
    Mapped · Medium confidence

    Trains the detection baseline that surfaces misuse of an identity.

CIS Controls v8 (cis-controls)
  • Account Management (Control 5)
    Mapped · High confidence

    Trains the account-management control for over-privileged service identities.

  • Access Control Management (Control 6)
    Mapped · High confidence

    Trains the least-privilege access-control review the finding requires.