
Answer-first summary for fast verification
Answer: Use AWS Step Functions to create a state machine that triggers an AWS Lambda function to isolate the compromised EC2 instance, captures forensic data, and initiates a root cause analysis using AWS Detective.
Option B is the most comprehensive and effective approach to automating the remediation process. By using AWS Step Functions to create a state machine, you can orchestrate multiple AWS services to respond to the security breach. The state machine can trigger an AWS Lambda function to isolate the compromised EC2 instance, capture forensic data, and initiate a root cause analysis using AWS Detective. This approach ensures a coordinated and efficient response to the security incident.
Author: LeetQuiz Editorial Team
Your organization has detected a potential security breach in one of its Amazon EC2 instances. As an AWS Certified Security - Specialty professional, you are tasked with automating the remediation process. Describe the steps you would take to automate the remediation using AWS services, and explain how you would ensure the process is effective and efficient.
A. Use AWS Lambda to create a function that terminates the compromised EC2 instance and creates a new instance with the same configuration.
B. Use AWS Step Functions to create a state machine that triggers an AWS Lambda function to isolate the compromised EC2 instance, captures forensic data, and initiates a root cause analysis using AWS Detective.
C. Use EventBridge to create a rule that triggers an AWS Lambda function to take a snapshot of the compromised EC2 instance's Amazon EBS volume and store it in an isolated Amazon S3 bucket.
D. Use AWS Systems Manager Runbooks to create a runbook that automates the process of isolating the compromised EC2 instance, capturing forensic data, and initiating a root cause analysis using AWS Detective.