
Answer-first summary for fast verification
Answer: Use Amazon EBS volume snapshots to capture the current state of the compromised EC2 instance's disk and use memory dump tools to capture the instance's memory for further analysis.
Option D is the most comprehensive approach to capturing relevant forensics data from a compromised EC2 instance. By taking Amazon EBS volume snapshots, you can preserve the current state of the instance's disk for further analysis. Additionally, using memory dump tools to capture the instance's memory can provide valuable insights into the system's state at the time of the compromise. This approach allows for a thorough root cause analysis and can help identify the source and extent of the security incident.
Author: LeetQuiz Editorial Team
You are investigating a security incident involving a compromised Amazon EC2 instance. Describe the steps you would take to conduct a root cause analysis and capture relevant forensics data from the compromised resource.
A. Use AWS CloudTrail to log API calls made to the compromised EC2 instance and analyze the logs to identify any suspicious activities.
B. Use AWS CloudTrail and Amazon VPC Flow Logs to capture network traffic data and analyze it to identify any unusual patterns or potential data exfiltration.
C. Use AWS Detective to graph the relationships between AWS resources and analyze the data to identify any potential security issues or compromised resources.
D. Use Amazon EBS volume snapshots to capture the current state of the compromised EC2 instance's disk and use memory dump tools to capture the instance's memory for further analysis.