Option A: Detection mode allows Falcon to monitor and alert on threats, but it does not create a direct

privilege escalation risk. While switching to prevention mode enhances security, the misconfiguration in

this scenario is related to IAM permissions rather than Falcon sensor settings.

Option B: Restricting SSH access to specific IPs is a best practice for minimizing exposure. While open

SSH access is a security risk, a properly restricted IP range does not directly contribute to privilege

escalation.

Option C: Granting AdministratorAccess to an EC2 instance profile is a critical security

misconfiguration. It allows any process running on the instance to assume unrestricted administrative

privileges, potentially leading to privilege escalation and lateral movement by an attacker. This is a high-

risk practice that should be avoided by implementing least privilege principles.

Option D: Enforcing MFA enhances security by requiring an additional authentication factor. While

MFA alone does not prevent all privilege escalation risks, it does not contribute to misconfiguration or

high-risk practices.