
Explanation:
Option B is correct because it uses both AWS CloudTrail and AWS Config for a comprehensive investigation and recovery process, which is essential for handling such incidents.
Ultimate access to all questions.
No comments yet.
Imagine you are part of an incident response team dealing with a compromised AWS EC2 instance. How would you utilize AWS CloudTrail and AWS Config to investigate and document the incident? Describe the steps you would take to ensure a thorough investigation and the recovery of the compromised instance.
A
Use only AWS CloudTrail for basic logging without a detailed investigation.
B
Leverage both AWS CloudTrail for event history and AWS Config for resource configurations to trace the incident and ensure recovery.
C
Ignore AWS Config and rely solely on AWS CloudTrail.
D
Assume the instance is not compromised without investigation.