300-215 Question #97: Real Exam Question with Answer & Explanation

Question

What is a concern for gathering forensics evidence in public cloud environments?

Options

• AHigh Cost: Cloud service providers typically charge high fees for allowing cloud forensics.
• BConfiguration: Implementing security zones and proper network segmentation.
• CTimeliness: Gathering forensics evidence from cloud service providers typically requires
• DMultitenancy: Evidence gathering must avoid exposure of data from other tenants.

Explanation

One of the primary concerns when gathering forensic evidence in public cloud environments is the issue of multitenancy. In a shared cloud infrastructure, multiple tenants (organizations or users) operate on the same physical hardware, using virtualization to logically separate resources. This architecture poses a significant challenge for forensic investigations because: Forensic investigators must ensure that they do not inadvertently access or expose data belonging to other tenants while collecting evidence. This can limit access to low-level system data or hardware-level logs that might be essential for a thorough forensic analysis, since providers must enforce strict data isolation policies. This concern is recognized in industry practices and guidelines, including NIST SP 800-86, which underscores the need to collect data in a forensically sound and legally defensible manner-- something made more complex in shared The Cisco CyberOps Associate guide emphasizes the challenges of evidence handling in cloud environments, stating that "gathering evidence in the cloud must be carefully performed to ensure compliance with legal standards and to respect the boundaries of other tenants' data".

No community discussion yet for this question.