Crucial Exams

ISC2 Certified Cloud Security Professional (CCSP) Practice Question

Your security team feeds a cloud-hosted SIEM with machine-learning analytics using three sources today: cloud provider API audit logs, operating-system event logs from all virtual machines, and alerts from the web application firewall placed at the Internet edge. Despite this, recent red-team testing showed that malware running in a compromised container was able to communicate with a second subnet and establish command-and-control (C2) traffic without triggering any alert. To close this visibility gap while re-using the SIEM's analytics, which additional data source should you integrate first?

  • East-west flow logs from the cloud virtual network (such as VPC Flow Logs or VNet Flow Logs) that record traffic between internal subnets.

  • Access logs from the object storage service that record read and write operations.

  • Weekly status exports from the enterprise patch-management platform.

  • Invocation metrics from all serverless functions handling background jobs.

ISC2 Certified Cloud Security Professional (CCSP)
Cloud Security Operations
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot