Answer-first summary for fast verification
Answer: Create isolated forensic accounts with limited permissions to access the forensic artifacts and use AWS Identity and Access Management (IAM) policies to enforce the least privilege principle.
Option B is the most comprehensive approach to protecting and preserving forensic artifacts. By creating isolated forensic accounts with limited permissions and using AWS IAM policies to enforce the least privilege principle, you can minimize the risk of unauthorized access or tampering with the artifacts. Additionally, preparing services for incidents and recovering services after incidents involves implementing a robust incident response plan, conducting regular security assessments, and ensuring proper backup and recovery mechanisms are in place.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You are responsible for protecting and preserving forensic artifacts related to a security incident. Describe the steps you would take to ensure the integrity and confidentiality of the artifacts, and explain how you would prepare the services for incidents and recover services after incidents.
A
Enable S3 Object Lock on the Amazon S3 bucket containing the forensic artifacts to prevent unauthorized deletion or modification of the objects.
B
Create isolated forensic accounts with limited permissions to access the forensic artifacts and use AWS Identity and Access Management (IAM) policies to enforce the least privilege principle.
C
Enable S3 Lifecycle policies to automatically transition the forensic artifacts to Amazon S3 Glacier or Glacier Deep Archive for long-term storage and cost-effective preservation.
D
Enable S3 replication to create a copy of the forensic artifacts in a separate AWS region to ensure availability and durability in case of a regional outage or disaster.
No comments yet.