ISC2 Certified Cloud Security Professional (CCSP) Practice Question
During a security incident you gain temporary console access to a still-running Linux virtual machine in a public IaaS cloud. You believe the attacker used the host for lateral movement and want to preserve evidence before the VM is powered off by the adversary. Following the standard order-of-volatility guideline for cloud forensic data collection, which action should you perform first?
Export the hypervisor host's configuration files and firmware version details.
Acquire a live memory image of the VM, including its active processes and network connections.
Create a point-in-time snapshot of the virtual disk attached to the instance.
Download the last 24 hours of virtual network flow logs from object storage.
The order of volatility (OOV) ranks evidence from most to least likely to change. Live data in RAM (running processes, network sockets, and kernel structures) is lost as soon as the instance is powered down or rebooted, so it must be captured before less-volatile artifacts such as virtual disks, flow logs stored in object storage, or hypervisor configuration files. Creating a memory image with a tool such as LiME or AVML therefore satisfies the OOV principle. Disk snapshots, stored log files, and host-level configurations are all less volatile and can be collected later.
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Security Operations