Incident Response Questions
Practice questions for the Incident Response topic in AWS Certified Security - Specialty. 28 questions covering this domain.
A team wants a vulnerability management service that automatically discovers and continuously rescans eligible resources when packages change, patches...
An Amazon Inspector finding is based on a vulnerability that is exploitable over the network, but the affected EC2 instance has no open network path t...
A company wants administrators to connect to EC2 instances for incident response without opening inbound SSH or RDP ports, maintaining bastion hosts, ...
A security team needs near-real-time routing of Amazon Inspector findings to automated remediation targets such as Lambda functions or SNS topics. Whi...
A company wants to standardize patching across all AWS accounts and Regions in its organization by using a recommended centralized configuration metho...
A security analyst needs to investigate multiple related suspicious activities tied to a high-severity GuardDuty finding and quickly understand the ro...
A response team must access a private service running on a managed node during an incident, but the organization does not want to open inbound ports t...
A security team needs to ensure backups used for ransomware recovery cannot be deleted or shortened by any user, including the AWS account root user, ...
A team wants to automate forensic disk capture of a suspicious EC2 instance, copy the image to an isolated forensics account, and trigger this flow fr...
After a credential compromise, AWS guidance directs the team to perform a specific sequence of credential containment actions for the affected IAM rol...
A security engineer must immediately quarantine a compromised EC2 instance from the network while preserving its data for forensic analysis. Which app...
Which AWS service can run prebuilt or custom runbook documents to automate routine response tasks such as isolating an EC2 instance or rotating a cred...
Which AWS service provides response plans, on-call schedules, runbooks, escalation, and chat-based collaboration during incidents?
An incident responder must invalidate all currently issued temporary credentials for an IAM role that was assumed by a compromised workload. Which IAM...
A security team discovers an active S3 data exfiltration attack occurring through a compromised IAM access key. They need to immediately stop the exfi...
A forensics team needs to capture a memory dump and volatile state from a running EC2 instance during an active incident without terminating the insta...
An incident team needs to automatically trigger a response workflow when Amazon GuardDuty generates a high-severity finding, including sending a notif...
An incident response team needs to determine whether a suspicious IAM role that was used two days ago had any resource-level permissions to access Ama...
A security engineer needs to quarantine a compromised Lambda function that is processing sensitive records. Which combination of actions minimizes the...
A security team wants to test the resilience of its incident response plan by simulating a sudden termination of EC2 instances in a production environ...