ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
After a ransomware outbreak, an organization running critical workloads on Amazon EC2 instances must restore operations. Daily AWS Backup jobs create encrypted EBS volume snapshots that are stored in a protected backup vault with immutability enabled. Security policy requires that only malware-free data be reintroduced into production and that evidence of the compromise be preserved for later analysis. Which recovery approach BEST satisfies these requirements while minimizing the risk of reinfection?
Use AWS Backup to perform an in-place restore that overwrites the encrypted EBS volumes on the compromised instances, then run antivirus software after boot.
Export the most recent snapshot to on-premises storage, scan it with local antivirus tools, and after approval re-import and overwrite the original volumes on the production instance.
Attach the restored EBS volumes directly to the original infected EC2 instance in the production VPC, boot the system, and run the antivirus tool to remove any malicious files.
Copy the latest snapshot to a separate, isolated AWS account, restore it to new EBS volumes, attach them to a quarantined EC2 instance for malware scanning and patching, then move the sanitized AMI and data back into production.
Restoring a clean environment after ransomware requires that backups be treated as potentially contaminated until proven safe. The most secure method is to create new, isolated resources from the latest immutable snapshot, perform an offline malware scan, and patch the system before connecting it to production networks. This keeps the original compromised instance and volumes untouched for forensic analysis, maintains chain of custody, and avoids the risk of immediately re-infecting production. Re-attaching restored volumes to the still-compromised instance or performing in-place restores could allow dormant malware to reactivate. Launching the instance directly into the production VPC before validation also risks lateral spread. Exporting snapshots off-cloud adds complexity and delays recovery without providing additional security benefits compared with scanning in an isolated AWS account/VPC.
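The restore-into-isolation step described above, sketched as an added example (not part of the original question or any AWS tooling). It assumes the snapshot has already been shared with or copied to the isolated account, that `ec2` is a boto3 EC2 client created in that account, and that every ID and the function name `restore_to_quarantine` are hypothetical placeholders.

```python
# Added example: `ec2` is a boto3 EC2 client in the ISOLATED account,
# e.g. boto3.client("ec2"); all IDs passed in are placeholders.
def restore_to_quarantine(ec2, shared_snapshot_id, region, quarantine_kms_key,
                          scan_instance_id, compromised_instance_ids,
                          production_vpc_ids, device="/dev/sdf"):
    """Restore a shared snapshot onto a NEW volume attached to a scan host."""
    # Guard 1: never reuse an instance that is part of the incident.
    if scan_instance_id in compromised_instance_ids:
        raise ValueError("scan host is a compromised instance")

    inst = ec2.describe_instances(InstanceIds=[scan_instance_id])[
        "Reservations"][0]["Instances"][0]
    # Guard 2: the scan host must not sit in a production VPC.
    if inst["VpcId"] in production_vpc_ids:
        raise ValueError("scan host is in a production VPC")

    tags = [{"Key": "ir-status", "Value": "unscanned"}]
    # Working copy, re-encrypted under a key owned by the isolated account.
    copy = ec2.copy_snapshot(
        SourceRegion=region, SourceSnapshotId=shared_snapshot_id,
        Encrypted=True, KmsKeyId=quarantine_kms_key,
        Description="IR working copy",
        TagSpecifications=[{"ResourceType": "snapshot", "Tags": tags}])
    ec2.get_waiter("snapshot_completed").wait(SnapshotIds=[copy["SnapshotId"]])

    # A new volume: the original volumes are never written to.
    vol = ec2.create_volume(
        AvailabilityZone=inst["Placement"]["AvailabilityZone"],
        SnapshotId=copy["SnapshotId"],
        TagSpecifications=[{"ResourceType": "volume", "Tags": tags}])
    ec2.get_waiter("volume_available").wait(VolumeIds=[vol["VolumeId"]])

    # Attached as a secondary data disk: the scan host boots from its own
    # clean root volume, so nothing on the restored volume executes.
    ec2.attach_volume(Device=device, InstanceId=scan_instance_id,
                      VolumeId=vol["VolumeId"])
    return {"snapshot": copy["SnapshotId"], "volume": vol["VolumeId"]}
```

The `ir-status=unscanned` tag is a constructed convention; flipping it after a clean scan gives the promotion step back into production something concrete to check.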
ISC2 Systems Security Certified Practitioner (SSCP)
Incident Response and Recovery