What should the Security Engineer use to isolate and research this event? (Choose three.)
AWS CloudTrail
Amazon Athena
AWS Key Management Service (AWS KMS)
VPC Flow Logs
AWS Firewall Manager
Security groups
Explanations:
AWS CloudTrail logs provide detailed records of actions taken by users, services, or other AWS resources. They are useful for tracing API calls, including the one that might have triggered the strange behavior in the EC2 instance.
VPC Flow Logs provide detailed records of the network traffic to and from the EC2 instance. This is helpful for identifying unusual or suspicious network activity related to the instance.
Security groups act as virtual firewalls to control traffic to the EC2 instance. By modifying or tightening security group rules, the Security Engineer can isolate the instance and prevent further unauthorized access during investigation.
Amazon Athena is a query service for data in Amazon S3. While useful for querying large datasets, it’s not specifically designed to isolate or investigate EC2 incidents.
AWS Key Management Service (AWS KMS) manages encryption keys. While essential for data security, it doesn’t provide tools for isolating or directly investigating EC2 instance behavior.
AWS Firewall Manager is used to manage and enforce security policies across multiple accounts and resources, but it does not provide specific tools for isolating or directly investigating an EC2 instance.