ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-49v10 All Questions

View all questions & answers for the 312-49v10 exam
Go to Exam

Exam 312-49v10 topic 1 question 786 discussion

Actual exam question from ECCouncil's 312-49v10
Question #: 786
Topic #: 1
[All 312-49v10 Questions]

A sophisticated cyber-attack has targeted an organization, and the forensic team is called upon for incident response. Their assets are largely hosted on AWS, particularly using S3 and EC2 instances. As a forensic investigator, your first step to retaining valuable evidence in the EC2 instances is:

  • A. Retrieve and analyze log data from the affected EC2 instances
  • B. Encrypt all the data present in the EC2 instances to avoid further unauthorized access
  • C. Immediately isolate the affected EC2 instances from the network to avoid data corruption
  • D. Create a snapshot of the EBS volume in the affected EC2 instance and share it with the forensic team for analysis
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Elb at May 29, 2024, 2:38 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ala76nl
7 months, 2 weeks ago
Selected Answer: C
Cfhi v10: step 1 isolate the ec2 instance
upvoted 1 times
...
Elb
8 months, 3 weeks ago
Selected Answer: D
Amazon EBS is a block-level storage volume that can be attached with any running EC2 instance Once attached to an instance, it can be used like any physical hard drive. Customers can make an EBS volume snapshot and create another volume from that snapshot which can be attached to a different EC2 instance
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago