New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Eccouncil 312-49 Exam - Topic 1 Question 70 Discussion

Actual exam question for Eccouncil's 312-49 exam
Question #: 70
Topic #: 1
[All 312-49 Questions]

Donald made an OS disk snapshot of a compromised Azure VM under a resource group being used by the affected company as a part of forensic analysis process. He then created a vhd file out of the snapshot and stored it in a file share and as a page blob as backup in a storage account under different region. What Is the next thing he should do as a security measure?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Sheridan at Sep 19, 2024, 04:58 AM

Limited Time Offer

25%

Off

Get Premium 312-49 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Clarinda
3 months ago
Creating another VM could lead to more issues if the threat persists.
upvoted 0 times
...
Lavera
3 months ago
Deleting the OS disk seems too extreme.
upvoted 0 times
...
Stephaine
3 months ago
Surprised he didn't create a new VM from the snapshot first!
upvoted 0 times
...
Lavonna
4 months ago
I think deleting the snapshot is a bad idea.
upvoted 0 times
...
Lea
4 months ago
Definitely recommend changing the access policies!
upvoted 0 times
...
Rodolfo
4 months ago
I feel like deleting the OS disk altogether could be too drastic. We need to analyze the data first before making such a decision.
upvoted 0 times
...
Skye
4 months ago
Creating another VM from the snapshot sounds familiar, but I wonder if that would just reintroduce the same vulnerabilities.
upvoted 0 times
...
Reuben
4 months ago
I'm not entirely sure, but deleting the snapshot from the source resource group might be risky. I remember something about preserving evidence in forensics.
upvoted 0 times
...
Rashad
5 months ago
I think he should probably recommend changing the access policies. It seems like a good way to secure the environment after a compromise.
upvoted 0 times
...
Alex
5 months ago
Based on the information provided, I believe the best course of action is to delete the snapshot from the source resource group. That way, we can prevent any further potential misuse of the compromised data.
upvoted 0 times
...
Emogene
5 months ago
I'm a bit confused on the details here. Can we go over the question again? I want to make sure I understand the full context before deciding.
upvoted 0 times
...
Dahlia
5 months ago
Okay, let's see. I think the key here is to minimize the risk of the compromised data being accessed or misused. Deleting the snapshot seems like the safest bet.
upvoted 0 times
...
Olene
5 months ago
Hmm, this seems like a tricky one. I'll need to think through the security implications of each option carefully.
upvoted 0 times
...
Maia
5 months ago
I'm pretty confident that deleting the snapshot is the right move here. It's the most direct way to secure the compromised data and prevent it from being accessed or spread further.
upvoted 0 times
...
Tamra
1 year ago
Option D sounds tempting, but I don't think creating another VM from the compromised snapshot is a good idea. Let's stick to the security basics here.
upvoted 0 times
Pilar
1 year ago
C) Delete the OS disk of the affected VM altogether
upvoted 0 times
...
Julianna
1 year ago
B) Delete the snapshot from the source resource group
upvoted 0 times
...
Bettina
1 year ago
A) Recommend changing the access policies followed by the company
upvoted 0 times
...
...
Herschel
1 year ago
Haha, I bet Donald is regretting not using a self-destructing VM for this forensic analysis. Option C is the only way to be sure!
upvoted 0 times
Pearly
1 year ago
C) Delete the OS disk of the affected VM altogether
upvoted 0 times
...
Rima
1 year ago
B) Delete the snapshot from the source resource group
upvoted 0 times
...
Val
1 year ago
A) Recommend changing the access policies followed by the company
upvoted 0 times
...
...
Alpha
1 year ago
I believe creating another VM using the snapshot would be a good security measure as well.
upvoted 0 times
...
Glennis
1 year ago
I would recommend option A. Changing the access policies could help strengthen the security measures and prevent similar incidents in the future.
upvoted 0 times
Wava
1 year ago
Definitely, security measures need to be strengthened.
upvoted 0 times
...
Peggie
1 year ago
It's important to prevent similar incidents from happening again.
upvoted 0 times
...
Delmy
1 year ago
I agree, changing the access policies is crucial for security.
upvoted 0 times
...
Genevieve
1 year ago
I think option A is the best choice.
upvoted 0 times
...
...
Dianne
1 year ago
I agree with Evette, changing access policies is crucial for security.
upvoted 0 times
...
Dyan
1 year ago
Option B is the way to go. Deleting the snapshot from the source resource group is the prudent move to prevent any further compromise.
upvoted 0 times
Gilbert
1 year ago
B) Delete the snapshot from the source resource group
upvoted 0 times
...
Daren
1 year ago
A) Recommend changing the access policies followed by the company
upvoted 0 times
...
...
Evette
1 year ago
I think Donald should recommend changing the access policies.
upvoted 0 times
...

Save Cancel