incident-response-trainer
Mock scenarios · Rule-based grading
CatalogOverviewSnapshot
← Back to catalog
Cloud InfrastructurehardExposed Cloud Backup SnapshotCritical asset
Scenario

Backup snapshot shared publicly — recovery + data-exposure incident

A hard Cloud Infrastructure scenario on Exposed Cloud Backup Snapshot.

Practice this scenario

Start a graded attempt against this scenario. Your response is scored by the same deterministic rubric used across the catalog. Email and evidence content stay hidden until you start.

Launches this exact scenario. One of 2 templates in this Track + Difficulty pool.

catalog id · cloud-exposed-cloud-backup-snapshot

Training alignment

What this scenario practices, mapped to recognized frameworks.

Educational mapping only. Not a compliance attestation.

What this trains
  • Contain a publicly-shared backup snapshot
  • Validate recovery integrity and harden sharing controls
MITRE ATT&CKmitre-attack
  • Transfer Data to Cloud Account · ExfiltrationT1537 · TA0010
    MappedHigh confidence

    Trains response to a backup snapshot shared publicly or to an unknown account.

MITRE D3FENDmitre-d3fend
  • Resource Access Policy AuditingD3-RAPA
    MappedHigh confidence

    Trains auditing and removing the snapshot share and checking the encryption key policy.

  • User Account PermissionsD3-UAP
    MappedMedium confidence

    Trains scoping the backup-automation identity that set the share.

NIST CSF 2.0nist-csf-2
  • Data Security · ProtectPR.DS · PR
    MappedHigh confidence

    Trains the data-security posture for backups holding production data.

  • Incident Recovery Plan Execution · RecoverRC.RP · RC
    MappedHigh confidence

    Trains validating a clean, trustworthy recovery source after the exposure.

NIST SP 800-61r3nist-sp-800-61r3
  • IR lifecycle phaseContainment, Eradication & Recovery
    MappedHigh confidence

    Trains making the snapshot private and confirming recovery integrity.

  • IR lifecycle phasePost-Incident Activity
    MappedMedium confidence

    Trains hardening snapshot-sharing controls so the automation bug cannot recur.

CISA Cybersecurity Performance Goalscisa-cpg
  • System Backups2.O
    MappedHigh confidence

    Trains the backup-protection baseline the exposed snapshot violated.

  • Secure Sensitive Data2.I
    MappedMedium confidence

    Trains the sensitive-data baseline for production data inside backups.

CIS Controls v8cis-controls
  • Data ProtectionControl 3
    MappedHigh confidence

    Trains the data-protection control the snapshot exposure exercises.

  • Data RecoveryControl 11
    MappedHigh confidence

    Trains the data-recovery control behind validating a clean recovery source.