# Task Statement 1.3: Respond to compromised resources and workloads.
## Knowledge of:

- AWS Security Incident Response Guide.
- Resource isolation mechanisms.
- Techniques for root cause analysis.
- Data capture mechanisms.
- Log analysis for event validation.

## Skills in:

- Automating remediation by using AWS services (for example, AWS Lambda, AWS Step Functions, EventBridge, AWS Systems Manager runbooks, Security Hub, AWS Config).
- Responding to compromised resources (for example, by isolating Amazon EC2 instances).
- Investigating and analyzing to conduct root cause analysis (for example, by using Detective).
- Capturing relevant forensics data from a compromised resource (for example, Amazon Elastic Block Store [Amazon EBS] volume snapshots, memory dump).
- Querying logs in Amazon S3 for contextual information related to security events (for example, by using Athena).
- Protecting and preserving forensic artifacts (for example, by using S3 Object Lock, isolated forensic accounts, S3 Lifecycle, and S3 replication).
- Preparing services for incidents and recovering services after incidents.
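The isolate-and-preserve steps listed above (EC2 isolation plus EBS snapshots), written as an added example rather than AWS's own runbook code: it swaps the instance onto a quarantine security group, blocks API termination, snapshots every attached EBS volume and tags everything with the incident case id. It assumes a boto3-style EC2 client and an existing deny-all quarantine security group; `FakeEC2` is a constructed stand-in so the block runs offline.

```python
from datetime import datetime, timezone

def isolate_instance(ec2, instance_id, quarantine_sg_id, case_id):
    """Added example (not AWS's code): quarantine one instance and snapshot its EBS volumes.
    `ec2` is a boto3 EC2 client or a fake with the same methods; `quarantine_sg_id`
    is an existing security group with no rules, so the instance keeps running
    (memory still capturable) but can no longer talk to anything."""
    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    original_sgs = [g["GroupId"] for g in inst["SecurityGroups"]]
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    # 1. Record the case id and pre-isolation SGs on the instance: reversible and auditable.
    ec2.create_tags(Resources=[instance_id], Tags=[
        {"Key": "IncidentCase", "Value": case_id},
        {"Key": "OriginalSecurityGroups", "Value": ",".join(original_sgs)},
        {"Key": "IsolatedAt", "Value": ts}])
    # 2. Network isolation: replace every SG with the deny-all quarantine group.
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[quarantine_sg_id])
    # 3. Block termination (by people or automation) while the investigation runs.
    ec2.modify_instance_attribute(InstanceId=instance_id, DisableApiTermination={"Value": True})
    # 4. Capture disk state before remediation changes it; tag snapshots with the case id.
    snapshot_ids = []
    for mapping in inst.get("BlockDeviceMappings", []):
        vol_id = mapping["Ebs"]["VolumeId"]
        snap = ec2.create_snapshot(
            VolumeId=vol_id, Description=f"{case_id} {instance_id} {vol_id} {ts}",
            TagSpecifications=[{"ResourceType": "snapshot",
                                "Tags": [{"Key": "IncidentCase", "Value": case_id}]}])
        snapshot_ids.append(snap["SnapshotId"])
    return {"instance_id": instance_id, "original_security_groups": original_sgs,
            "snapshot_ids": snapshot_ids}

class FakeEC2:
    """Constructed stand-in for boto3's EC2 client so the runbook runs offline."""
    def __init__(self):
        self.calls = []
        self.instance = {"SecurityGroups": [{"GroupId": "sg-web"}, {"GroupId": "sg-ssh"}],
                         "BlockDeviceMappings": [{"Ebs": {"VolumeId": "vol-root"}},
                                                 {"Ebs": {"VolumeId": "vol-data"}}]}
    def describe_instances(self, **kw):
        return {"Reservations": [{"Instances": [self.instance]}]}
    def create_tags(self, **kw): self.calls.append(("create_tags", kw))
    def modify_instance_attribute(self, **kw): self.calls.append(("modify_instance_attribute", kw))
    def create_snapshot(self, **kw):
        self.calls.append(("create_snapshot", kw))
        return {"SnapshotId": "snap-" + kw["VolumeId"]}

if __name__ == "__main__":
    print(isolate_instance(FakeEC2(), "i-0123456789abcdef0", "sg-quarantine", "IR-0001"))
```

In a real deployment the function body is what an EventBridge-triggered Lambda would run against a `boto3.client("ec2")`, with the returned snapshot ids handed to the isolated forensic account.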