Is anyone thinking data encryption (B) could be more of a blocker for investigations than odd log formats? I'm pretty sure C is right since if the logs aren't standardized, it's almost impossible to piece together what happened. But I get why D or B might confuse people.
Q: 5
In a cloud technology environment, which of the following would pose the GREATEST challenge to the investigation of security incidents?
Options
Discussion
Option C
C. Non-standard event logs make incident response much harder, especially in the cloud where everything is scattered across platforms. Standardizing and correlating logs is a nightmare. Not 100% sure if D could ever be worse, but inconsistent logs have tripped up teams I know.
B, because if everything's encrypted and you don't have the keys, you're basically locked out of actual evidence. Logs could be messy but still readable or convertible, but encryption without access might totally block investigation. Not 100% sure though, since C is also a hassle.
B tbh, had something like this in a mock and encryption was flagged as a major blocker. If data is encrypted and you don't have keys, you're basically stuck. Not sure if C is worse than that; happy to be corrected.
C every time for practical cloud forensics. If the logs are all over the place or inconsistent, you can't even start correlating events. Maybe D could hurt if it's unreadable but that's rare imo.
C/D? If the cloud provider's logs weren't standardized, even good access to hardware or decrypted data wouldn't help much. C has bitten teams before in IR from similar exam cases.
C vs B. I don’t think encryption (B) is as tough here since, in most cases, investigators can get access to keys if needed. But non-standard event logs (C) create way more confusion and slow everything down. Seen similar on practice questions, but let me know if you disagree.
Probably C here, seen this pop up on official practice questions before. Non-standard event logs just make incident investigations in cloud way harder to manage. Official guide covers this scenario too, but I think C fits best.
C, non-standard event logs can really mess with investigations since nothing lines up easily across systems. Encryption is tough, but there's usually a way to decrypt if you have proper access. Pretty sure C is what they're looking for here, but open if folks think otherwise.