🔥 40% Off Crucial Exams Memberships — This Week Only

2 days, 11 hours remaining!
Crucial Exams

ISC2 Systems Security Certified Practitioner (SSCP) Practice Question

A security incident has exposed an Amazon EC2 instance that hosts sensitive customer data. The organization's digital-forensics policy states: 1) create a snapshot of the affected Amazon EBS volume using approved AWS tools, 2) immediately calculate and record an SHA-256 hash of the snapshot, and 3) upload both the hash value and the acquisition log to the secured evidence vault before any examination occurs. A junior cloud security engineer performs the following steps:

  • Creates the snapshot with the AWS CLI.
  • Attaches the snapshot to an isolated forensics account in read-only mode and inspects the file system for indicators of compromise.
  • Calculates the SHA-256 hash of the snapshot and stores the hash and acquisition log in the evidence vault.

Which step violated the organization's policy?

  • Uploading the acquisition log and hash file to the secured evidence vault via SFTP

  • Creating the snapshot of the EBS volume with the AWS CLI

  • Calculating a SHA-256 hash of the snapshot

  • Attaching the snapshot to an isolated account and inspecting the file system before hashing it

ISC2 Systems Security Certified Practitioner (SSCP)
Incident Response and Recovery
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot