A security engineer needs to develop a process to investigate and respond to potential security events on a company's Amazon EC2 instances. All the EC2 instances are backed by Amazon Elastic Block Store (Amazon EBS). The company uses AWS Systems Manager to manage all the EC2 instances and has installed Systems Manager Agent (SSM Agent) on all the EC2 instances.
The process that the security engineer is developing must comply with AWS security best practices and must meet the following requirements:
A compromised EC2 instance's volatile memory and non-volatile memory must be preserved for forensic purposes.
A compromised EC2 instance's metadata must be updated with corresponding incident ticket information.
A compromised EC2 instance must remain online during the investigation but must be isolated to prevent the spread of malware.
Any investigative activity during the collection of volatile data must be captured as part of the process.
Which combination of steps should the security engineer take to meet these requirements with the LEAST operational overhead? (Choose three.)