🔥 3-day streak
AWS Certified Security - Specialty31 / 157
Question 31 of 157
A security analyst is performing forensic acquisition on a compromised EC2 instance that is still running and suspected of active data exfiltration. Company policy requires that both volatile and non-volatile evidence be preserved while minimizing the risk of tipping off the attacker or corrupting evidence. Which sequence of actions BEST preserves forensic integrity?
Reviewed for accuracy · Report an issueNext question