AWS Certified Security - Specialty

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: Use an isolated forensic account to store artifacts in an S3 bucket with S3 Object Lock enabled.

To protect and preserve forensic artifacts, it is crucial to use an isolated forensic account, which enhances security by isolating sensitive data. Storing these artifacts in an S3 bucket with S3 Object Lock ensures that the data cannot be altered or deleted, providing immutable storage for forensic evidence.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Answer: Use an isolated forensic account to store artifacts in an S3 bucket with S3 Object Lock enabled.

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

In the event of a compromised AWS environment, how would you protect and preserve forensic artifacts using AWS services? Provide a detailed plan involving S3, S3 Object Lock, and isolated forensic accounts.

Simulated

Store artifacts in a standard S3 bucket with versioning enabled.

0.0%

Use an isolated forensic account to store artifacts in an S3 bucket with S3 Object Lock enabled.

50.0%

Replicate artifacts to another region using S3 replication and enable S3 Object Lock.

50.0%

Archive artifacts in an S3 Glacier bucket within the same account.