SCS-C03 Question #3: Real Exam Question with Answer & Explanation
Question
A security engineer receives a notice about suspicious activity from a Linux-based Amazon EC2 instance that uses Amazon Elastic Block Store (Amazon EBS)-based storage. The instance is making connections to known malicious addresses. The instance is in a development account within a VPC that is in the us-east-1 Region. The VPC contains an internet gateway and has a subnet in us-east-1a and us-east-1b. Each subnet is associated with a route table that uses the internet gateway as a default route. Each subnet also uses the default network ACL. The suspicious EC2 instance runs within the us-east-1b subnet. During an initial investigation, a security engineer discovers that the suspicious instance is the only instance that runs in the subnet. Which response will immediately mitigate the attack and help investigate the root cause?
Options
- A. Log in to the suspicious instance and use the netstat command to identify remote connections.
- B. Update the outbound network ACL for the subnet in us-east-1b to explicitly deny all connections
- C. Ensure that the Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the
- D. Create an AWS WAF web ACL that denies traffic to and from the suspicious instance. Attach the