After multiple compromises of its Amazon EC2 instances, a company's Security Officer is mandating that memory dumps of compromised instances be captured for further analysis. A Security Engineer just received an EC2 abuse notification report from AWS stating that an EC2 instance running the most recent Windows Server 2019 Base AMI is compromised. How should the Security Engineer collect a memory dump of the EC2 instance for forensic analysis?
A) Give consent to the AWS Security team to dump the memory core on the compromised instance and provide it to AWS Support for analysis.
B) Review memory dump data that the AWS Systems Manager Agent sent to Amazon CloudWatch Logs.
C) Download and run the EC2Rescue for Windows Server utility from AWS.
D) Reboot the EC2 Windows Server, enter safe mode, and select memory dump.
Correct Answer:
Verified
Q160: A company had one of its Amazon
Q161: A company's Security Engineer has been tasked
Q162: A company has an application hosted in
Q163: An organization wants to log all AWS
Q164: A company recently performed an annual security
Q166: A company uses Microsoft Active Directory for
Q167: A company plans to use custom AMIs
Q168: A Security Engineer accidentally deleted the imported
Q169: A company requires that SSH commands used
Q170: A company wants to encrypt the private
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents