
Answer-first summary for fast verification
Answer: Isolate the instance by changing its security group, create an EBS snapshot, and store it in an S3 bucket with S3 Object Lock.
To isolate a compromised EC2 instance, it is best to change its security group to restrict all inbound and outbound traffic, effectively isolating it from the network. Creating an EBS snapshot ensures that forensic data is preserved, and storing this snapshot in an S3 bucket with S3 Object Lock provides immutability, protecting the data from being altered.
Author: LeetQuiz Editorial Team
Imagine you have detected a compromised Amazon EC2 instance. Describe the process you would follow to isolate this instance using AWS services, ensuring minimal impact on other resources and maintaining the integrity of forensic data.
A. Terminate the instance, create an EBS snapshot, and store it in an S3 bucket with S3 Object Lock.
B. Detach the instance's network interfaces, create an EBS snapshot, and store it in an isolated forensic account.
C. Stop the instance, create a memory dump, and store it in an S3 bucket with S3 Lifecycle policies.
D. Isolate the instance by changing its security group, create an EBS snapshot, and store it in an S3 bucket with S3 Object Lock.