An attacker used a stolen cloud token. Which evidence helps determine blast radius? (Choose two.)
Permissions bound the maximum possible access.
Why this answer
Option B is correct because the permissions assigned to the principal (e.g., an IAM role or user) during the compromise window directly define what actions the attacker could perform with the stolen token. Cloud providers like AWS evaluate permissions at the time of the API call, so the blast radius is limited to the resources and actions allowed by the policies attached at that moment. Without knowing these permissions, you cannot determine which data or services were accessible.
Exam trap
Cisco often tests the misconception that physical or environmental factors (like monitor brightness) are relevant to cloud security incidents, leading candidates to select irrelevant options when they should focus on authorization and logging mechanisms.