A security engineer has noticed that VPC Flow Logs are getting a lot of REJECT traffic originating from a single Amazon EC2 instance in an Auto Scaling group. The security engineer is concerned that this EC2 instance may be compromised. What immediate action should the security engineer take?
A) Remove the instance from the Auto Scaling group. Close the security group with ingress only from a single forensic IP address to perform an analysis.
B) Remove the instance from the Auto Scaling group. Change the network ACL rules to allow traffic only from a single forensic IP address to perform an analysis. Add a rule to deny all other traffic.
C) Remove the instance from the Auto Scaling group. Enable Amazon GuardDuty in that AWS account. Install the Amazon Inspector agent on the suspicious EC2 instance to perform a scan.
D) Take a snapshot of the suspicious EC2 instance. Create a new EC2 instance from the snapshot in a closed security group with ingress only from a single forensic IP address to perform an analysis.
Correct Answer:
Verified
Q185: A company's on-premises data center forwards DNS
Q186: A developer reported that AWS CloudTrail was
Q187: A company is designing the security architecture
Q188: A company is implementing a new application
Q189: A company's security engineer has been asked
Q191: A company uses multiple AWS accounts managed
Q192: A company has a VPC with an
Q193: A recent security audit identified that a
Q194: A security engineer is designing an incident
Q195: A company wants to deploy an application
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents