Which THREE steps should a security engineer take to ensure that an incident response plan for an AWS environment is effective? (Choose three.)
Testing validates the plan's effectiveness.
Why this answer
Options A, B, and C are correct. Testing the plan via simulations (A) validates its effectiveness. Automating containment actions (B) reduces response time. Documenting procedures and contacts (C) ensures clarity. Option D is wrong because using the root user for incident response is a security risk. Option E is wrong because storing evidence in public S3 buckets is insecure.