
Answer-first summary for fast verification
Answer: Create EBS snapshots and memory dumps, store them in an isolated forensic account, and use S3 Object Lock.
Capturing forensics data involves creating EBS snapshots and memory dumps. To protect the integrity of this data, store it in an isolated forensic account, which keeps the evidence separate from the rest of the environment. S3 Object Lock ensures that the data cannot be altered or deleted, providing immutable storage for forensic evidence.
Author: LeetQuiz Editorial Team
During a security incident, you need to capture relevant forensics data from a compromised resource. Describe the steps you would take using Amazon EBS volume snapshots and memory dumps, and how you would ensure the integrity of this data using AWS services.
A. Create EBS snapshots and memory dumps, store them in a standard S3 bucket, and use S3 Lifecycle policies.
B. Create EBS snapshots and memory dumps, store them in an isolated forensic account, and use S3 Object Lock.
C. Create EBS snapshots and memory dumps, replicate them to another region using S3 replication, and use S3 Object Lock.
D. Create EBS snapshots and memory dumps, store them in an S3 Glacier bucket, and use S3 Object Lock.