Credential exposure is the most common entry point for cloud breaches. An access key carelessly committed to GitHub, a root password phished from employees, STS tokens leaked from a compromised instance — attackers enter through the front door with valid credentials rather than exploiting vulnerabilities. The essence of response is "how quickly can you neutralize exposed credentials, track what happened with them, and safely reissue?" The exam relentlessly tests that different credential types have different neutralization mechanisms.