Answer-first summary for fast verification
Answer: Isolate the suspected compromised resource to prevent lateral movement and limit the scope of the incident.
Option B is the most appropriate initial response to a suspected compromised resource. Isolating the resource can help prevent lateral movement and limit the scope of the incident, allowing for a more controlled investigation and response. While conducting a thorough investigation (Option C) and notifying stakeholders and initiating the incident response plan (Option D) are also important steps, isolating the compromised resource should be the first action taken to minimize the potential impact of the incident.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your organization has detected suspicious activity in its AWS environment, and you suspect that a resource has been compromised. Describe the steps you would take to respond to the compromised resource and investigate the incident.
A
Immediately terminate the suspected compromised resource to prevent further damage.
B
Isolate the suspected compromised resource to prevent lateral movement and limit the scope of the incident.
C
Conduct a thorough investigation of the suspicious activity, including reviewing logs and monitoring tools, to determine the extent and severity of the incident.
D
Notify the relevant stakeholders and initiate the incident response plan to coordinate a response to the incident.
No comments yet.