AWS Certified Security - Specialty



Your organization has experienced a security incident that has affected its AWS environment. As an AWS Certified Security - Specialty professional, you are tasked with capturing relevant forensics data from the compromised resources. Describe the steps you would take to capture and preserve the forensics data for further analysis.




Explanation:

Option C is the most comprehensive approach to capturing and preserving forensics data. Storing the captured data in an isolated Amazon S3 bucket with appropriate access controls can help ensure the integrity and confidentiality of the data. While taking Amazon EBS volume snapshots (Option A) and using memory dump tools (Option B) are important steps in capturing the forensics data, storing the data securely is crucial for further analysis and potential legal proceedings. Enabling S3 Object Lock (Option D) can provide an additional layer of protection for the forensics data.