🔥 3-day streak
AWS Certified Security - Specialty32 / 157
Question 32 of 157

A security team discovers that a containerized application running on Amazon ECS with the Fargate launch type has been compromised. The task is actively communicating with a known command-and-control server. The team must contain the specific task for later forensic analysis while minimizing disruption to other healthy tasks in the same service, and they need to preserve as much volatile evidence as possible. Which containment approach best meets these requirements?

Reviewed for accuracy · Report an issueNext question