Identify the next step in the investigation of the security incident in Azure?

312-40 V1 0 Comments

An IT company uses two resource groups, named Production-group and Security-group, under the same subscription ID. Under the Production-group, a VM called Ubuntu18 is suspected to be compromised. As a forensic investigator, you need to take a snapshot (ubuntudisksnap) of the OS disk of the suspect virtual machine Ubuntu18 for further investigation and copy the snapshot to a storage account under Security-group.

Identify the next step in the investigation of the security incident in Azure?
A . Copy the snapshot to file share
B . Generate shared access signature
C . Create a backup copy of snapshot in a blob container
D . Mount the snapshot onto the forensic workstation

Answer: B

Explanation:

When an IT company suspects that a VM called Ubuntu18 in the Production-group has been compromised, it is essential to perform a forensic investigation. The process of taking a snapshot and ensuring its integrity and accessibility involves several steps:

Snapshot Creation: First, create a snapshot of the OS disk of the suspect VM, named ubuntudisksnap. This snapshot is a point-in-time copy of the VM’s disk, ensuring that all data at that moment is captured.

Snapshot Security: Next, to transfer this snapshot securely to a storage account under the Security-group, a shared access signature (SAS) needs to be generated. A SAS provides delegated access to Azure storage resources without exposing the storage account keys.

Data Transfer: With the SAS token, the snapshot can be securely copied to a storage account in the Security-group. This method ensures that only authorized personnel can access the snapshot for further investigation.

Further Analysis: After copying the snapshot, it can be mounted onto a forensic workstation for detailed examination. This step involves examining the contents of the snapshot for any malicious activity or artifacts left by the attacker.

Generating a shared access signature is a critical step in ensuring that the snapshot can be securely accessed and transferred without compromising the integrity and security of the data.

Reference: Microsoft Azure Documentation on Shared Access Signatures (SAS)

Azure Security Best Practices and Patterns

Cloud Security Alliance (CSA) Security Guidance for Critical Areas of Focus in Cloud Computing

Latest 312-40 Dumps Valid Version with 125 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download 312-40 PDF     312-40 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments