AWS Certified Security - Specialty
Get started today
Ultimate access to all questions.
Comments
Loading comments...
Ultimate access to all questions.
Your organization has experienced a security incident that has affected its AWS environment. As an AWS Certified Security - Specialty professional, you are tasked with capturing relevant forensics data from the compromised resources. Describe the steps you would take to capture and preserve the forensics data for further analysis.
A
Take Amazon EBS volume snapshots of the compromised EC2 instances to capture the current state of the disk.
B
Use memory dump tools to capture the memory of the compromised EC2 instances for further analysis.
C
Store the captured forensics data in an isolated Amazon S3 bucket with appropriate access controls to ensure the integrity and confidentiality of the data.
D
Enable S3 Object Lock on the S3 bucket containing the forensics data to prevent unauthorized deletion or modification of the objects.