Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25

- Free Preparation Discussions

Eccouncil Exam 312-49 Topic 1 Question 70 Discussion

Actual exam question for Eccouncil's 312-49 exam

Question #: 70
Topic #: 1

[All 312-49 Questions]

Donald made an OS disk snapshot of a compromised Azure VM under a resource group being used by the affected company as a part of forensic analysis process. He then created a vhd file out of the snapshot and stored it in a file share and as a page blob as backup in a storage account under different region. What Is the next thing he should do as a security measure?

ARecommend changing the access policies followed by the company

BDelete the snapshot from the source resource group

CDelete the OS disk of the affected VM altogether

DCreate another VM by using the snapshot

Show Suggested Answer

Suggested Answer: B

by Sheridan at Sep 19, 2024, 04:58 AM

Limited Time Offer

25%

Off

Get Premium 312-49 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Tamra

2 months ago

Option D sounds tempting, but I don't think creating another VM from the compromised snapshot is a good idea. Let's stick to the security basics here.

upvoted 0 times

Pilar

1 months ago

C) Delete the OS disk of the affected VM altogether

upvoted 0 times

...

Julianna

1 months ago

B) Delete the snapshot from the source resource group

upvoted 0 times

...

Bettina

1 months ago

A) Recommend changing the access policies followed by the company

upvoted 0 times

...

...

Herschel

2 months ago

Haha, I bet Donald is regretting not using a self-destructing VM for this forensic analysis. Option C is the only way to be sure!

upvoted 0 times

Pearly

1 months ago

C) Delete the OS disk of the affected VM altogether

upvoted 0 times

...

Rima

1 months ago

B) Delete the snapshot from the source resource group

upvoted 0 times

...

Val

1 months ago

A) Recommend changing the access policies followed by the company

upvoted 0 times

...

...

Alpha

3 months ago

I believe creating another VM using the snapshot would be a good security measure as well.

upvoted 0 times

...

Glennis

3 months ago

I would recommend option A. Changing the access policies could help strengthen the security measures and prevent similar incidents in the future.

upvoted 0 times

Wava

2 months ago

Definitely, security measures need to be strengthened.

upvoted 0 times

...

Peggie

2 months ago

It's important to prevent similar incidents from happening again.

upvoted 0 times

...

Delmy

2 months ago

I agree, changing the access policies is crucial for security.

upvoted 0 times

...

Genevieve

3 months ago

I think option A is the best choice.

upvoted 0 times

...

...

Dianne

3 months ago

I agree with Evette, changing access policies is crucial for security.

upvoted 0 times

...

Dyan

3 months ago

Option B is the way to go. Deleting the snapshot from the source resource group is the prudent move to prevent any further compromise.

upvoted 0 times

Gilbert

2 months ago

B) Delete the snapshot from the source resource group

upvoted 0 times

...

Daren

3 months ago

A) Recommend changing the access policies followed by the company

upvoted 0 times

...

...

Evette

3 months ago

I think Donald should recommend changing the access policies.

upvoted 0 times

...