ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
An AWS-based e-commerce company detects that one EC2 instance in an Auto Scaling group is communicating with a known command-and-control server. According to NIST incident response guidance, which action represents the most appropriate short-term containment step before deeper analysis and eradication begin?
Restore the entire application stack from the previous night's backup to eliminate any malicious changes.
Detach the affected instance from the Auto Scaling group and place it in an isolated quarantine subnet with a restrictive security group.
Patch the application on all instances and redeploy a new Amazon Machine Image (AMI) across the Auto Scaling group.
Issue a public breach notification and schedule a lessons-learned meeting with stakeholders.
Short-term containment aims to limit the attacker's ability to continue malicious activity while preserving evidence for later analysis. Isolating the compromised system achieves this by cutting off any further interaction with the threat actor and preventing lateral movement, yet keeps the instance available for forensic imaging. Patching software or redeploying a clean AMI are eradication or long-term containment actions. Restoring from backups is part of the recovery phase, and issuing public notifications or holding lessons-learned meetings occurs during post-incident activities, not during initial containment.
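The containment step described above, written out as an ordered plan of AWS API calls. This is an added example, not part of the original question; the instance, volume, security group, Auto Scaling group and case identifiers are constructed placeholders, and it assumes an instance with a single network interface and boto3 clients passed in by the caller.

```python
# Added example: short-term containment of one EC2 instance as an ordered
# plan of boto3 calls. All resource IDs here are constructed placeholders.

def containment_plan(instance, asg_name, quarantine_sg, case_id):
    """Return ordered (service, method, kwargs) steps to isolate one instance.

    `instance` is one entry in the shape returned by EC2 DescribeInstances.
    """
    iid = instance["InstanceId"]
    volumes = [m["Ebs"]["VolumeId"]
               for m in instance.get("BlockDeviceMappings", []) if "Ebs" in m]
    plan = [
        # Remove from the group; desired capacity is kept so a replacement launches.
        ("autoscaling", "detach_instances",
         {"InstanceIds": [iid], "AutoScalingGroupName": asg_name,
          "ShouldDecrementDesiredCapacity": False}),
        # Block accidental termination through the API while evidence is collected.
        ("ec2", "modify_instance_attribute",
         {"InstanceId": iid, "DisableApiTermination": {"Value": True}}),
        # Replace every attached security group with the restrictive quarantine group.
        ("ec2", "modify_instance_attribute",
         {"InstanceId": iid, "Groups": [quarantine_sg]}),
        # Mark the instance so nobody returns it to service by mistake.
        ("ec2", "create_tags",
         {"Resources": [iid],
          "Tags": [{"Key": "ir-status", "Value": "quarantined"},
                   {"Key": "ir-case", "Value": case_id}]}),
    ]
    # Snapshot each EBS volume so analysis works on copies, not the live disk.
    plan += [("ec2", "create_snapshot",
              {"VolumeId": v, "Description": f"{case_id} evidence {iid} {v}"})
             for v in volumes]
    return plan

def execute(plan, clients):
    """Run the plan in order; `clients` maps service name to a boto3 client."""
    return [getattr(clients[svc], method)(**kw) for svc, method, kw in plan]

# Constructed sample input in DescribeInstances shape.
SAMPLE = {"InstanceId": "i-0123456789abcdef0",
          "BlockDeviceMappings": [
              {"DeviceName": "/dev/xvda", "Ebs": {"VolumeId": "vol-0aaaaaaaaaaaaaaa1"}},
              {"DeviceName": "/dev/sdf", "Ebs": {"VolumeId": "vol-0bbbbbbbbbbbbbbb2"}}]}

if __name__ == "__main__":
    for step in containment_plan(SAMPLE, "web-asg", "sg-00000000000000001", "IR-0001"):
        print(step)
```

Nothing in the plan patches, rebuilds or restores anything, which keeps it inside short-term containment as the explanation defines it.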
Incident Response and Recovery