ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company operates several production VPCs in separate AWS accounts. During a recent tabletop exercise, incident responders spent 45 minutes downloading forensic utilities and launching temporary analysis hosts before they could begin evidence collection. To strengthen tool and resource readiness, which proactive measure would most effectively eliminate this delay while following AWS security best practices?
Rely on AWS Marketplace forensic appliance listings and spin them up only after an incident is confirmed.
Maintain a hardened AMI containing all required forensic tools in a dedicated security tooling account and allow incident responders to launch instances from it using pre-approved IAM roles.
Require every application team to embed the full forensic toolset in the production AMIs for their workloads.
Place installation packages for forensic utilities in an S3 bucket with public read access so responders can download them to any host when needed.
Maintaining a pre-hardened AMI in a security-dedicated account lets responders launch clean, trusted EC2 instances in seconds and immediately start evidence collection. The image is built and patched ahead of time, includes the full forensic toolkit, and can be deployed into an isolated environment via pre-approved IAM roles. Public buckets merely shift the install step to incident time and create additional exposure. Launching Marketplace products on demand still requires console navigation, licensing, and configuration. Adding the entire toolset to every production AMI violates least-privilege principles, increases the attack surface of business systems, and does not provide an isolated workspace for analysis.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an AMI in AWS?
Open an interactive chat with Bash
What is the principle of least privilege in AWS?
Open an interactive chat with Bash
How do IAM roles enhance security in forensic processes on AWS?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Incident Response and Recovery
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .