CCSE CCSE Incident Response & Forensics in Cloud

Question 1

Which phase of the incident response lifecycle involves identifying indicators of compromise (IoCs) in a cloud environment?

Accepted Answer

Detection and Analysis

Answer

Preparation

Answer

Containment

Answer

Eradication

Question 2

When performing cloud forensics, which service in AWS provides immutable API call logs critical for investigation?

Accepted Answer

AWS CloudTrail

Answer

AWS Config

Answer

Amazon CloudWatch

Answer

AWS GuardDuty

Question 3

What is the primary challenge of digital forensics in cloud environments compared to traditional on-premises forensics?

Accepted Answer

Multi-tenancy and shared infrastructure

Answer

Lack of encryption support

Answer

Limited storage capacity

Answer

Absence of logging capabilities

Question 4

During cloud incident containment, which action best limits lateral movement by a compromised cloud workload?

Accepted Answer

Applying restrictive security group rules to isolate the resource

Answer

Terminating all cloud instances

Answer

Disabling all IAM users

Answer

Shutting down the cloud account

Question 5

Which concept ensures that cloud forensic evidence maintains its integrity from collection through court presentation?

Accepted Answer

Chain of custody

Answer

Data sovereignty

Answer

Data residency

Answer

Evidence tokenization

Question 6

In a cloud incident response plan, what does the term 'runbook' refer to?

Accepted Answer

A predefined set of automated or manual steps for responding to specific incidents

Answer

A real-time threat intelligence feed

Answer

A cloud provider's SLA document

Answer

A penetration testing report