You are investigating a security incident involving a compromised Amazon EC2 instance. Describe the steps you would take to conduct a root cause analysis and capture relevant forensics data from the compromised resource.

Simulated

Use AWS CloudTrail to log API calls made to the compromised EC2 instance and analyze the logs to identify any suspicious activities.

0.0%

Use AWS CloudTrail and Amazon VPC Flow Logs to capture network traffic data and analyze it to identify any unusual patterns or potential data exfiltration.

0.0%

Use AWS Detective to graph the relationships between AWS resources and analyze the data to identify any potential security issues or compromised resources.

0.0%

Use Amazon EBS volume snapshots to capture the current state of the compromised EC2 instance's disk and use memory dump tools to capture the instance's memory for further analysis.

100.0%

AWS Certified Security - Specialty

Get started today

Comments

You are investigating a security incident involving a compromised Amazon EC2 instance. Describe the steps you would take to conduct a root cause analysis and capture relevant forensics data from the compromised resource.