ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
Your organization's SaaS platform suffers from unpredictable request-latency spikes. Infrastructure metrics and web-access logs are already forwarded to the SIEM, but they do not reveal where requests stall across several microservices. Which additional observable should the DevSecOps team collect to isolate the bottleneck?
Security audit events generated by the identity and access management service
Scheduled vulnerability scan reports for container images
SNMP traps reporting interface status from edge routers
Distributed trace data that assigns a unique correlation ID to each request
Distributed trace data records the path of a single request across every microservice, tagging each hop with timestamps using a shared correlation ID. This makes it possible to see exactly where latency is introduced and to compare spans across requests. SNMP traps focus on network device status, not application flow. IAM security audit events help track authentication activity, but they provide no timing information for individual service calls. Vulnerability scan reports describe software flaws on hosts or images and are produced too infrequently to diagnose real-time performance spikes.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is distributed trace data?
Open an interactive chat with Bash
Why is a correlation ID important in distributed tracing?
Open an interactive chat with Bash
How does distributed tracing differ from traditional logging?
Open an interactive chat with Bash
What is distributed tracing in microservices?
Open an interactive chat with Bash
How does a correlation ID help with performance analysis?
Open an interactive chat with Bash
What are the limitations of SNMP traps compared to distributed tracing?
Open an interactive chat with Bash
ISC2 Certified Secure Software Lifecycle Professional (CSSLP)