
A security engineer is tasked with isolating an Amazon EC2 instance during an incident response. The goal is to block all traffic to and from the instance, except for authorized access by the company's forensics team. Each EC2 instance has its own dedicated security group, and instances are deployed within subnets of a VPC. The engineer tests the isolation procedure by initiating an SSH session to the target instance, simulating an attacker's access. After removing existing security group rules and adding new rules to allow the forensics team access via port 22, the SSH session remains active, and pings to the instance's public IP address are blocked. What action should the engineer take to effectively isolate the target instance?
A
Add an inbound rule to the security group to allow traffic from 0.0.0.0/0 for all ports. Add an outbound rule to the security group to allow traffic to 0.0.0.0/0 for all ports. Then immediately delete these rules.
B
Remove the port 22 security group rule. Attach an instance role policy that allows AWS Systems Manager Session Manager connections so that the forensics team can access the target instance.
C
Create a network ACL that is associated with the target instance's subnet. Add a rule at the top of the inbound rule set to deny all traffic from 0.0.0.0/0. Add a rule at the top of the outbound rule set to deny all traffic to 0.0.0.0/0.
D
Create an AWS Systems Manager document that adds a host-level firewall rule to block all inbound traffic and outbound traffic. Run the document on the target instance.
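The behaviour described in the question (the attacker's SSH session survives the security-group change while new pings are blocked) comes down to a property the question does not spell out: security groups are stateful and use connection tracking, so removing the rule that admitted a flow does not interrupt that flow until it closes or times out, whereas a network ACL is stateless and evaluates every packet of an existing session against its rules. Two caveats a responder should keep in mind: a network ACL applies to every instance in the subnet, not just the target, and a deny-all rule at the top of the rule set also cuts off the forensics team unless an allow rule for their address range carries a lower rule number. The model below is an added teaching example, not AWS code or part of the original question; it reproduces the two filtering semantics in a few classes so the scenario can be run offline. The addresses, the forensics CIDR and the tracking table are constructed simplifications of the EC2 behaviour.

```python
"""Added example: toy model of stateful (security group) versus stateless
(network ACL) filtering, illustrating why an established SSH session survives
a security-group rule change.  Not AWS code; addresses and connection tracking
are simplified stand-ins for the real EC2 behaviour."""

from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample addresses from documentation ranges, not real hosts.
ATTACKER = "198.51.100.7"
FORENSICS_CIDR = "203.0.113.0/24"
FORENSICS_HOST = "203.0.113.10"
INSTANCE = "10.0.1.25"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: Optional[int]   # None models an ICMP echo request, which has no port


@dataclass(frozen=True)
class Rule:
    cidr: str
    port: Optional[int]    # None = all ports and protocols
    action: str = "allow"  # security groups only allow; NACLs also deny

    def matches(self, pkt: Packet) -> bool:
        in_cidr = ip_address(pkt.src) in ip_network(self.cidr)
        return in_cidr and (self.port is None or self.port == pkt.dport)


@dataclass
class SecurityGroup:
    """Stateful filter: a flow admitted once is recorded and keeps passing after
    the admitting rule is removed, until it closes or times out (simplified)."""
    inbound: list = field(default_factory=list)
    tracked: set = field(default_factory=set)

    def permits(self, pkt: Packet) -> bool:
        flow = (pkt.src, pkt.dst, pkt.dport)
        if flow in self.tracked:
            return True                    # established flow, rules not re-read
        if any(r.matches(pkt) for r in self.inbound):
            self.tracked.add(flow)         # new flow admitted and now tracked
            return True
        return False


@dataclass
class NetworkAcl:
    """Stateless filter: every packet, established session or not, is matched
    against the ordered rules; first match wins, implicit deny at the end."""
    inbound: list = field(default_factory=list)   # ordered by rule number

    def permits(self, pkt: Packet) -> bool:
        for r in self.inbound:
            if r.matches(pkt):
                return r.action == "allow"
        return False


def attacker_session(sg: SecurityGroup) -> Packet:
    """Establish the simulated attacker's SSH session while port 22 is open."""
    sg.inbound = [Rule("0.0.0.0/0", 22)]
    pkt = Packet(ATTACKER, INSTANCE, 22)
    assert sg.permits(pkt)
    return pkt


def security_group_only() -> dict:
    """The procedure the engineer tested: replace the rules, no NACL change."""
    sg = SecurityGroup()
    ssh = attacker_session(sg)
    sg.inbound = [Rule(FORENSICS_CIDR, 22)]          # forensics-only rule
    return {
        "attacker_ssh_still_passes": sg.permits(ssh),
        "attacker_ping_blocked": not sg.permits(Packet(ATTACKER, INSTANCE, None)),
        "forensics_ssh_passes": sg.permits(Packet(FORENSICS_HOST, INSTANCE, 22)),
    }


def with_network_acl(allow_forensics_first: bool) -> dict:
    """Add a subnet NACL.  A lone deny-all rule also cuts off the forensics
    team; an allow rule numbered below the deny keeps their access while the
    attacker's established session is still severed."""
    sg = SecurityGroup()
    ssh = attacker_session(sg)
    sg.inbound = [Rule(FORENSICS_CIDR, 22)]
    rules = [Rule("0.0.0.0/0", None, "deny")]
    if allow_forensics_first:
        rules.insert(0, Rule(FORENSICS_CIDR, 22, "allow"))
    nacl = NetworkAcl(inbound=rules)

    def reaches_instance(pkt: Packet) -> bool:
        return nacl.permits(pkt) and sg.permits(pkt)   # NACL is evaluated first

    return {
        "attacker_ssh_still_passes": reaches_instance(ssh),
        "forensics_ssh_passes": reaches_instance(Packet(FORENSICS_HOST, INSTANCE, 22)),
    }
```

Calling `security_group_only()` reports the attacker's tracked SSH flow still passing while a fresh ping is blocked, which is exactly what the engineer observed; `with_network_acl(False)` severs the attacker but also the forensics team, and `with_network_acl(True)` shows the ordering that keeps forensics access. On a real VPC the equivalent steps are `aws ec2 create-network-acl --vpc-id <id>`, one `aws ec2 create-network-acl-entry` per direction (`--ingress` and `--egress`) with `--rule-action deny --protocol -1 --cidr-block 0.0.0.0/0`, and `aws ec2 replace-network-acl-association` to move the subnet onto the new ACL; the `<id>` values are placeholders.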