Which technique is used to capture a point-in-time view of the stack during an incident?

Creating a snapshot using API calls is the most effective technique for capturing a point-in-time view of the stack during an incident. Snapshots preserve the current state of an application or system's environment, including the data and configurations at that specific moment. This allows for a detailed analysis of the incident without altering the original data or system state, facilitating better understanding and investigation.

In the context of incident response, snapshots are particularly useful because they enable the response team to review the complete stack state, including running processes, system configurations, and data. They can then utilize this information to identify anomalies or issues related to the incident.

Other techniques, while valuable, do not provide the same comprehensive snapshot of the system's state. Collecting metadata during an alert focuses on gathering information about the alert itself rather than the overall system state. Examining configuration data can help understand the intended setup, but it doesn’t capture the live context during the incident. Reviewing data access logs can provide insights into access patterns and might hint at potential issues, but it does not create a real-time view of the entire system stack at that moment. Hence, creating a snapshot via API ensures a holistic and accurate representation of the environment at the time of the incident.