Answer-first summary for fast verification
Answer: Store the captured forensics data in an isolated Amazon S3 bucket with appropriate access controls to ensure the integrity and confidentiality of the data.
Option C is the most comprehensive approach to capturing and preserving forensics data. Storing the captured data in an isolated Amazon S3 bucket with appropriate access controls can help ensure the integrity and confidentiality of the data. While taking Amazon EBS volume snapshots (Option A) and using memory dump tools (Option B) are important steps in capturing the forensics data, storing the data securely is crucial for further analysis and potential legal proceedings. Enabling S3 Object Lock (Option D) can provide an additional layer of protection for the forensics data.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your organization has experienced a security incident that has affected its AWS environment. As an AWS Certified Security - Specialty professional, you are tasked with capturing relevant forensics data from the compromised resources. Describe the steps you would take to capture and preserve the forensics data for further analysis.
A
Take Amazon EBS volume snapshots of the compromised EC2 instances to capture the current state of the disk.
B
Use memory dump tools to capture the memory of the compromised EC2 instances for further analysis.
C
Store the captured forensics data in an isolated Amazon S3 bucket with appropriate access controls to ensure the integrity and confidentiality of the data.
D
Enable S3 Object Lock on the S3 bucket containing the forensics data to prevent unauthorized deletion or modification of the objects.
No comments yet.