Exam AWS Certified Security - Specialty topic 1 question 99 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 99
Topic #: 1

An Amazon EC2 instance is part of an EC2 Auto Scaling group that is behind an Application Load Balancer (ALB). It is suspected that the EC2 instance has been compromised.
Which steps should be taken to investigate the suspected compromise? (Choose three.)

  • A. Detach the elastic network interface from the EC2 instance.
  • B. Initiate an Amazon Elastic Block Store volume snapshot of all volumes on the EC2 instance.
  • C. Disable any Amazon Route 53 health checks associated with the EC2 instance.
  • D. De-register the EC2 instance from the ALB and detach it from the Auto Scaling group.
  • E. Attach a security group that has restrictive ingress and egress rules to the EC2 instance.
  • F. Add a rule to an AWS WAF to block access to the EC2 instance.
Suggested Answer: BDE
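
The three steps in the suggested answer (D, E, B) written as a boto3-style sequence. This is an added example, not part of the original question or discussion. The clients are injected so it runs offline against a recording stub. All IDs, the ARN and the tag value are constructed, the instance is assumed to have a single network interface, and the step order is this example's choice.

```python
# Added example: containment and evidence preservation for options D, E and B.
# RecordingClient is a hypothetical offline stand-in; every ID below is constructed.

class RecordingClient:
    """Records API calls instead of sending them, returning canned responses."""
    def __init__(self, log, responses=None):
        self._log, self._responses = log, responses or {}

    def __getattr__(self, api):
        def call(**kwargs):
            self._log.append((api, kwargs))
            return self._responses.get(api, {})
        return call


def contain_instance(ec2, elbv2, autoscaling, instance_id, asg_name,
                     target_group_arn, isolation_sg_id):
    """Run steps D, E and B against one instance; return the snapshot IDs."""
    # D: take the instance out of service without terminating it.
    elbv2.deregister_targets(TargetGroupArn=target_group_arn,
                             Targets=[{"Id": instance_id}])
    autoscaling.detach_instances(InstanceIds=[instance_id],
                                 AutoScalingGroupName=asg_name,
                                 ShouldDecrementDesiredCapacity=False)
    # E: replace (not append to) the instance's security groups. Rules from
    # several groups are additive, so the restrictive group must be the only one.
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[isolation_sg_id])
    # B: snapshot every attached EBS volume, boot volume included.
    resp = ec2.create_snapshots(
        InstanceSpecification={"InstanceId": instance_id, "ExcludeBootVolume": False},
        Description=f"IR evidence for {instance_id}",
        TagSpecifications=[{"ResourceType": "snapshot",
                            "Tags": [{"Key": "incident", "Value": "constructed-case-id"}]}])
    return [s["SnapshotId"] for s in resp.get("Snapshots", [])]


def dry_run():
    """Exercise the sequence offline with constructed IDs; return (calls, snapshots)."""
    log = []
    ec2 = RecordingClient(log, {"create_snapshots": {"Snapshots": [
        {"SnapshotId": "snap-0aaa"}, {"SnapshotId": "snap-0bbb"}]}})
    snaps = contain_instance(
        ec2, RecordingClient(log), RecordingClient(log), "i-0123456789abcdef0", "web-asg",
        "arn:aws:elasticloadbalancing:region:111122223333:targetgroup/web/constructed",
        "sg-0isolation")
    return log, snaps
```

With real clients, pass `boto3.client("ec2")`, `boto3.client("elbv2")` and `boto3.client("autoscaling")` in place of the stubs.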

Comments

mojoa
Highly Voted 3 years, 9 months ago
https://d1.awsstatic.com/whitepapers/aws_security_incident_response.pdf The answers are wrong according to the whitepaper P34. Closest 3 correct answers are B, D and E.
upvoted 41 times
ugreenhost
3 years, 9 months ago
Yes, B, D & E are the best closest answers, agreed.
upvoted 14 times
Kdosec
3 years, 8 months ago
Yes, totally agree with you. B, D & E based on AWS Incident response guidelines.
upvoted 1 times
INASR
Highly Voted 3 years, 9 months ago
B D E correct
upvoted 13 times
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: BDE
BDE. The right steps to isolate and seize data on a compromised instance.
upvoted 1 times
Tofu13
2 years, 1 month ago
Selected Answer: BDE
D and E are part of Containment.
B is somewhat part of Eradication.
If you must keep resources for your investigation, consider backing up those resources. For example, if you must retain an Amazon EC2 instance for regulatory, compliance, or legal reasons, then create an Amazon EBS snapshot before removing the instance.
https://docs.aws.amazon.com/whitepapers/latest/aws-security-incident-response-guide/operations.html
upvoted 1 times
SaucyVip3r
2 years, 1 month ago
Selected Answer: BDE
https://d1.awsstatic.com/whitepapers/aws_security_incident_response.pdf
upvoted 1 times
Dmosh
2 years, 2 months ago
bde for ans
upvoted 1 times
ITGURU51
2 years, 3 months ago
To investigate the security incident, we need to snapshot the EBS volumes. To isolate and protect the AWS tenant, we want to use a security group. Also, we need to remove the compromised host from the ALB and Auto Scaling group.
upvoted 1 times
awsguru1998
2 years, 4 months ago
BDF. Security group rules are not aggregated, and adding a new security group will not affect the existing rules. Therefore, option E ("Attach a security group that has restrictive ingress and egress rules to the EC2 instance") is not a valid answer.
upvoted 1 times
DingjieDanielYang
3 years, 3 months ago
BDE are correct as they cover isolation and investigation.
upvoted 1 times
ggx
3 years, 5 months ago
Selected Answer: BDE
BDE all day
upvoted 2 times
IMAHM
3 years, 7 months ago
B D E correct
upvoted 1 times
pmjcr
3 years, 8 months ago
I see a lot of you guys going for option E, but you cannot block or restrict any egress traffic with security groups, so I'm not sure about this one. I see option A as better than D. So A, B, D is my answer.
upvoted 2 times
scuzzy2010
3 years, 8 months ago
You can block egress traffic by removing all the entries in the outbound.
upvoted 2 times
sanjaym
3 years, 8 months ago
Ans: DBE 100%
upvoted 1 times
durmusc
3 years, 8 months ago
D, E -> for isolation
B -> for investigation
Answer: B, D, E
upvoted 2 times
Edgecrusher77
3 years, 8 months ago
it should be B, D, E
upvoted 1 times
NANDY666
3 years, 8 months ago
BDE is Correct
upvoted 2 times
devjava
3 years, 8 months ago
Ans > B,D,E
upvoted 1 times