🔥 3-day streak
AWS Certified Security - Specialty145 / 157
Question 145 of 157

During an active incident, the security team must run a set of read-only diagnostic commands (process list, open network connections, loaded kernel modules) across 40 potentially compromised EC2 instances simultaneously. They need the exact command output captured centrally and preserved as evidence, with each execution attributable to a specific responder, and without opening any inbound SSH ports. Which approach best meets these requirements?

Reviewed for accuracy · Report an issueNext question