You are responsible for protecting and preserving forensic artifacts related to a security incident. Describe the steps you would take to ensure the integrity and confidentiality of the artifacts, and explain how you would prepare the services for incidents and recover services after incidents.

Simulated

Enable S3 Object Lock on the Amazon S3 bucket containing the forensic artifacts to prevent unauthorized deletion or modification of the objects.

50.0%

Create isolated forensic accounts with limited permissions to access the forensic artifacts and use AWS Identity and Access Management (IAM) policies to enforce the least privilege principle.

50.0%

Enable S3 Lifecycle policies to automatically transition the forensic artifacts to Amazon S3 Glacier or Glacier Deep Archive for long-term storage and cost-effective preservation.

0.0%

Enable S3 replication to create a copy of the forensic artifacts in a separate AWS region to ensure availability and durability in case of a regional outage or disaster.

0.0%

AWS Certified Security - Specialty

Get started today

Comments

You are responsible for protecting and preserving forensic artifacts related to a security incident. Describe the steps you would take to ensure the integrity and confidentiality of the artifacts, and explain how you would prepare the services for incidents and recover services after incidents.