ISC2 Certified Cloud Security Professional (CCSP) Practice Question
While monitoring a customer's public IaaS environment, you notice an instance suddenly initiating large volumes of outbound traffic to an unfamiliar external IP range. Company policy states that you must contain the threat, preserve volatile evidence, and avoid disrupting other tenants that share the same hypervisor. Which response action best satisfies these requirements?
Collect flow logs for later analysis and await formal customer authorization before taking any containment measures.
Terminate the compromised instance and redeploy it from a trusted golden image to restore service quickly.
Power off the affected instance from the hypervisor console, then create a block-level snapshot of its virtual disks for analysis.
Detach the instance's virtual network interface (or place it in an isolated security group) and immediately perform a live memory capture through the cloud provider's API.
Detaching the virtual network interface (or moving it to a quarantine security group) immediately stops further outbound connections, containing the threat without powering off the instance or affecting other VMs that share the same physical host. Because the instance stays powered on, responders can still acquire a live memory image, process lists, and other volatile data that would be lost if the VM were shut down. Powering the VM off first would destroy volatile evidence, while deleting and redeploying the server destroys all evidence. Waiting for the customer's approval before acting allows continued data exfiltration and violates the containment requirement.
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Security Operations