Exam AWS Certified Security - Specialty topic 1 question 393 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 393
Topic #: 1

A company finds that one of its Amazon EC2 instances suddenly has a high CPU usage. The company does not know whether the EC2 instance is compromised or whether the operating system is performing background cleanup.

Which combination of steps should a security engineer take before investigating the issue? (Choose three.)

  • A. Disable termination protection for the EC2 instance if termination protection has not been disabled.
  • B. Enable termination protection for the EC2 instance if termination protection has not been enabled.
  • C. Take snapshots of the Amazon Elastic Block Store (Amazon EBS) data volumes that are attached to the EC2 instance.
  • D. Remove all snapshots of the Amazon Elastic Block Store (Amazon EBS) data volumes that are attached to the EC2 instance.
  • E. Capture the EC2 instance metadata, and then tag the EC2 instance as under quarantine.
  • F. Immediately remove any entries in the EC2 instance metadata that contain sensitive information.
Suggested Answer: BCE 🗳️

Comments

AdamWest
Highly Voted 2 years, 5 months ago
Selected Answer: BCE
BCE -
1. Capture the metadata from the Amazon EC2 instance, before you make any changes to your environment.
2. Protect the Amazon EC2 instance from accidental termination by enabling termination protection for the instance.
3. Isolate the Amazon EC2 instance by switching the VPC Security Group or explicitly denying network traffic to the IP address of the instance with the Network Access Control List.
4. Detach the Amazon EC2 instance from any AWS Auto Scaling groups.
5. Deregister the Amazon EC2 instance from any related Elastic Load Balancing service.
Amazon Web Services AWS Security Incident Response Guide Page 35
6. Snapshot the Amazon EBS data volumes that are attached to the EC2 instance for preservation and follow-up investigations.
7. Tag the Amazon EC2 instance as quarantined for investigation, and add any pertinent metadata, such as the trouble ticket associated with the investigation.
upvoted 10 times
...
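The preservation steps listed in the comment above (1, 2, 6 and 7, which correspond to answers E, B and C), as an added AWS CLI example that is not part of the original thread or of the AWS guide. It reads "capture the metadata" as saving `describe-instances` output; that reading, the `Status`/`Ticket` tag keys and the evidence directory are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not AWS's code. Assumed: tag keys Status/Ticket, evidence
# directory layout, and "metadata" meaning describe-instances output.
preserve_instance() {
  local instance_id ticket evidence_dir stamp volumes vol
  instance_id="$1"; ticket="$2"; evidence_dir="${3:-./evidence}"

  case "$instance_id" in
    i-[0-9a-f]*) ;;
    *) echo "usage: preserve_instance i-<id> <ticket> [dir]" >&2; return 2 ;;
  esac
  [ -n "$ticket" ] || { echo "ticket id required" >&2; return 2; }

  stamp="$(date -u +%Y%m%dT%H%M%SZ)"
  mkdir -p "$evidence_dir" || return 1

  # Step 1: record the instance's configuration before changing anything.
  aws ec2 describe-instances --instance-ids "$instance_id" --output json \
    > "$evidence_dir/$instance_id-$stamp.json" || return 1

  # Step 2: enable termination protection (the flag name reads backwards:
  # --disable-api-termination turns protection ON).
  aws ec2 modify-instance-attribute --instance-id "$instance_id" \
    --disable-api-termination || return 1

  # Step 6: snapshot every EBS volume attached to the instance. The filter
  # also returns the root volume, which is snapshotted along with data volumes.
  volumes="$(aws ec2 describe-volumes \
    --filters "Name=attachment.instance-id,Values=$instance_id" \
    --query 'Volumes[].VolumeId' --output text)" || return 1
  for vol in $volumes; do
    aws ec2 create-snapshot --volume-id "$vol" \
      --description "IR $ticket: $instance_id $vol $stamp" \
      >> "$evidence_dir/$instance_id-$stamp.snapshots.json" || return 1
  done

  # Step 7: tag the instance as quarantined and link the ticket.
  aws ec2 create-tags --resources "$instance_id" \
    --tags "Key=Status,Value=Quarantine" "Key=Ticket,Value=$ticket" || return 1
}
```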
tainh
Highly Voted 2 years, 5 months ago
Selected Answer: BCE
Sure: BCE https://d1.awsstatic.com/WWPS/pdf/aws_security_incident_response.pdf
upvoted 5 times
...
Toptip
Most Recent 1 year, 11 months ago
Selected Answer: BCE
BCE for me
upvoted 1 times
...
D2
2 years, 5 months ago
Selected Answer: BCE
Answer BCE https://d1.awsstatic.com/WWPS/pdf/aws_security_incident_response.pdf
upvoted 2 times
...
luisfsm_111
2 years, 5 months ago
Selected Answer: BCE
By elimination, BCE
upvoted 1 times
...