🔥 3-day streak
AWS Certified Security - Specialty164 / 184
Question 164 of 184

After a security incident, a company confirmed that several EC2 instances in an Auto Scaling group were compromised through an unpatched vulnerability. The instances have already been isolated and forensic snapshots captured. The security team now needs to safely bring the workload back into service. They want an automated, repeatable recovery process that terminates the compromised instances, launches fresh instances from a hardened AMI, and applies the latest approved patch baseline before the instances rejoin the load balancer. Which approach best meets these recovery requirements?

Reviewed for accuracy · Report an issueNext question