ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your security operations team is updating its incident response plan for a multi-account AWS environment. To comply with the NIST SP 800-61 preparation phase guidance on ensuring tool and resource readiness, which of the following actions will MOST improve the team's ability to collect and analyze evidence quickly when a security incident is declared?
Enable a cross-account AWS CloudTrail trail that logs all management events to an immutable Amazon S3 bucket with Object Lock enabled.
Publish an incident severity matrix in the organization's wiki that maps attack categories to notification requirements and on-call contacts.
Conduct quarterly tabletop exercises that rehearse the incident escalation workflow with senior management and legal counsel.
Create and maintain a hardened Amazon Machine Image (AMI) that contains preconfigured forensic and malware analysis tools, and allow deployment only in a dedicated, isolated investigation account.
NIST SP 800-61 recommends that, during the preparation phase, teams pre-position and maintain the hardware, software, and environments they will rely on during an incident. Creating a hardened forensic-analysis AMI and restricting its use to a segregated investigation account ensures analysts can instantly spin up trusted, preconfigured systems without contaminating evidence or disrupting production.
The other choices address important preparation tasks but focus on different objectives: centralizing CloudTrail with Object Lock supports detection and evidence preservation, not rapid analysis tooling; tabletop exercises pertain to training, not tool readiness; and publishing a severity matrix refines communication and escalation, not the availability of forensic workstations. Therefore, the prebuilt forensic workstation AMI most directly satisfies the tool and resource readiness recommendation.
ISC2 Systems Security Certified Practitioner (SSCP)
Incident Response and Recovery