You are investigating a security incident involving a compromised Amazon EC2 instance. Describe the steps you would take to conduct a root cause analysis and capture relevant forensics data from the compromised resource.
A. Use AWS CloudTrail to log API calls made to the compromised EC2 instance and analyze the logs to identify any suspicious activities.
B. Use AWS CloudTrail and Amazon VPC Flow Logs to capture network traffic data and analyze it to identify any unusual patterns or potential data exfiltration.
C. Use AWS Detective to graph the relationships between AWS resources and analyze the data to identify any potential security issues or compromised resources.
D. Use Amazon EBS volume snapshots to capture the current state of the compromised EC2 instance's disk and use memory dump tools to capture the instance's memory for further analysis.