🔥 3-day streak
AWS Certified Security - Specialty146 / 157
Question 146 of 157
A financial services company wants to automate its incident-response workflow for compromised EC2 instances. When a high-severity finding fires, the workflow must run several ordered steps: capture a memory image, isolate the instance, notify the SOC, and then WAIT for a human security analyst to approve before terminating the instance. The steps must have clear visibility into which stage failed if an error occurs, and the pause for human approval may last several hours. Which approach BEST meets these orchestration and human-approval requirements?
Reviewed for accuracy · Report an issueNext question