Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 197 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 197
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company has an application that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Amazon EC2 Auto Scaling group and are attached to Amazon Elastic Block Store (Amazon EBS) volumes.

A security engineer needs to preserve all forensic evidence from one of the instances.

Which order of steps should the security engineer use to meet this requirement?

  • A. Take an EBS volume snapshot of the instance and store the snapshot in an Amazon S3 bucket. Take a memory snapshot of the instance and store the snapshot in an S3 bucket Detach the instance from the Auto Scaling group. Deregister the instance from the ALB. Stop the instance.
  • B. Take a memory snapshot of the instance and store the snapshot in an Amazon S3 bucket. Stop the instance. Take an EBS volume snapshot of the instance and store the snapshot in an S3 bucket. Detach the instance from the Auto Scaling group. Deregister the instance from the ALB.
  • C. Detach the instance from the Auto Scaling group. Deregister the instance from the ALB. Take an EBS volume snapshot of the instance and store the snapshot in an Amazon S3 bucket. Take a memory snapshot of the instance and store the snapshot in an S3 bucket. Stop the instance.
  • D. Detach the instance from the Auto Scaling group. Deregister the instance from the ALB Stop the instance. Take a memory snapshot of the instance and store the snapshot in an Amazon S3 bucket. Take an EBS volume snapshot of the instance and store the snapshot in an S3 bucket.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by mercespsn at Oct. 13, 2024, 3:01 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Pmktechno
2 days, 5 hours ago
Selected Answer: B
Option B
upvoted 1 times
...
Pmktechno
2 days, 5 hours ago
Selected Answer: D
Option D
upvoted 1 times
...
mzeynalli
1 week ago
Selected Answer: C
Option B does not detach the instance from the Auto Scaling group or deregister it from the ALB before stopping it, which can lead to unexpected instance termination or further data changes from incoming traffic. This makes it unsuitable for preserving forensic evidence effectively. Option C follows the correct sequence to ensure that the instance is properly isolated and that both memory and disk snapshots are taken in a way that preserves the integrity of forensic evidence. For these reasons, Option C is the correct approach to ensure the proper preservation of forensic evidence, while Option B may lead to potential data loss or contamination due to improper ordering of steps.
upvoted 1 times
...
BietTuot
1 week, 2 days ago
Selected Answer: A
Correct answer is A. 1. Acquire Evidence 2. Isolation 3. Stop the Instance
upvoted 1 times
...
dhewa
1 month ago
Selected Answer: B
This order ensures that the volatile memory is captured before the instance is stopped, preserving all necessary forensic evidence.
upvoted 2 times
...
gkaself
1 month ago
Selected Answer: D
Correct answer is D. Instance should not be stopped
upvoted 1 times
Bad_Mat
1 month ago
make sense
upvoted 1 times
...
dhewa
1 month ago
Stopping the instance prevents any further changes to the data on the instance, ensuring that the EBS volume snapshot captures the state of the disk at a specific point in time without any ongoing changes.
upvoted 1 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel