Answer-first summary for fast verification
Answer: Store the forensic data in an isolated forensic account and use S3 Object Lock for immutability.
To ensure the integrity and availability of forensic data, it is best to store the data in an isolated forensic account, which enhances security by isolating sensitive data. Using S3 Object Lock ensures that the data cannot be altered or deleted, providing immutable storage for forensic evidence.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
During a security incident, you need to capture forensics data from a compromised EC2 instance. Which AWS services and features would you use to ensure the integrity and availability of the forensic data? Describe the process.
A
Use Amazon EBS snapshots and S3 Object Lock for immutable storage.
B
Create a memory dump and store it in an S3 bucket with S3 Lifecycle policies.
C
Take an EBS snapshot and replicate it to another region using S3 replication.
D
Store the forensic data in an isolated forensic account and use S3 Object Lock for immutability.
No comments yet.