🔥 3-day streak
AWS Certified Security - Specialty143 / 157
Question 143 of 157

During an incident, a security engineer discovers that a fleet of 40 EC2 instances running a web application were compromised through an unpatched vulnerability. After containment, the incident-response plan requires the recovery phase to restore the instances to a known-good, fully patched state with minimal manual intervention, and the process must be repeatable and auditable for future incidents. Which approach best meets these recovery requirements?

Reviewed for accuracy · Report an issueNext question