ISC2 Certified Cloud Security Professional (CCSP) Practice Question

During an incident response, you must collect evidence from a running Linux workload hosted on a public IaaS platform after IDS alarms indicated possible credential theft. You believe critical artifacts reside both in RAM and on the attached virtual disk. Following commonly accepted forensic data collection methodology that respects the order of volatility and minimizes evidence contamination, which action should you perform first?

  • Copy /var/log via SSH to secure storage, and afterwards trigger a hypervisor-level snapshot of memory and disk

  • Immediately stop the instance to freeze its state and create a block-level snapshot of the attached volume

  • Use the provider's live-memory capture feature to obtain a full RAM dump, then create a snapshot of the virtual disk

  • Gracefully shut down the VM, export the virtual disk, then request the provider to supply a memory dump

ISC2 Certified Cloud Security Professional (CCSP)
Cloud Security Operations