🔥 40% Off Crucial Exams Memberships — This Week Only

2 days, 11 hours remaining!
Crucial Exams

ISC2 Systems Security Certified Practitioner (SSCP) Practice Question

After eradicating malware from an EC2-based application, the incident response team launches a fresh instance from a known-good, encrypted AMI backup. The RTO is 45 minutes and the business is pressuring to return service. According to the recovery phase of the incident response lifecycle, what should the team do next before placing the instance behind the production load balancer?

  • Rotate all IAM access keys used by the application and update the entries in AWS Secrets Manager.

  • Connect the instance to the production Auto Scaling group immediately and monitor Amazon CloudWatch for anomalies.

  • Archive forensic EBS snapshots of the compromised instance to Amazon S3 Glacier Deep Archive for long-term retention.

  • Execute automated security and functional validation tests in a staging VPC to confirm the instance's integrity.

ISC2 Systems Security Certified Practitioner (SSCP)
Incident Response and Recovery
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot