ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A company's security policy requires an operations team to be alerted in real time if anyone modifies or deletes an IAM customer-managed policy outside the approved change window. The team wants a cost-effective, fully managed solution that relies only on native AWS services and does not involve writing custom code. Which solution best meets these requirements?
Turn on CloudTrail Insights and set up an SNS notification so that any anomaly involving IAM activity triggers an alert.
Deliver CloudTrail events to CloudWatch Logs, create a metric filter that matches CreatePolicy, PutPolicyVersion, DeletePolicy, and DetachPolicy API calls, and configure a CloudWatch alarm to notify the team via SNS.
Enable Amazon GuardDuty and configure an SNS topic to forward any findings related to IAM activity.
Create an EventBridge rule for IAM policy change events that invokes a Lambda function to send an email whenever the rule matches.
CloudTrail already records every IAM API call. When the trail is configured to send events to CloudWatch Logs, metric filters can look for specific calls such as CreatePolicy, PutPolicyVersion, DeletePolicy, and DetachPolicy. A CloudWatch alarm that watches the metric can then use Amazon SNS to deliver immediate notifications. This approach is entirely managed, uses existing AWS services, and requires no Lambda or other custom code.
GuardDuty focuses on threat detection and does not generate findings solely for legitimate IAM policy changes. CloudTrail Insights finds statistical anomalies rather than specific configuration changes, so a normal but unscheduled change may go unnoticed. An EventBridge rule with a Lambda function would work but contradicts the requirement to avoid custom code and usually costs more to run and maintain than a metric filter and alarm.
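The alerting pipeline described above, written as a CloudFormation template; this is an added example, not part of the original question. It assumes a trail is already delivering to an existing CloudWatch Logs group whose name is passed in as a parameter, and the eventName values in the filter are the IAM API action names that CloudTrail records for creating, versioning, deleting and detaching customer-managed policies.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  CloudTrailLogGroupName:   # log group the existing trail delivers to (assumed to exist)
    Type: String
  OpsEmail:                 # operations team address for SNS notifications
    Type: String

Resources:
  OpsAlertTopic:
    Type: AWS::SNS::Topic

  OpsEmailSubscription:
    Type: AWS::SNS::Subscription
    Properties:
      TopicArn: !Ref OpsAlertTopic
      Protocol: email
      Endpoint: !Ref OpsEmail

  # Count only the IAM calls that create, version, delete or detach a managed policy.
  # The pattern is CloudWatch Logs JSON filter syntax applied to each CloudTrail record.
  IamPolicyChangeFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      LogGroupName: !Ref CloudTrailLogGroupName
      FilterPattern: >-
        { ($.eventSource = "iam.amazonaws.com") &&
        (($.eventName = "CreatePolicy") || ($.eventName = "CreatePolicyVersion") ||
        ($.eventName = "DeletePolicy") || ($.eventName = "DeletePolicyVersion") ||
        ($.eventName = "DetachUserPolicy") || ($.eventName = "DetachRolePolicy") ||
        ($.eventName = "DetachGroupPolicy")) }
      MetricTransformations:
        - MetricNamespace: Security/IAM
          MetricName: IamPolicyChangeCount
          MetricValue: "1"

  # Fire as soon as one matching call lands in a 60-second window; notify via SNS.
  IamPolicyChangeAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: iam-customer-managed-policy-change
      Namespace: Security/IAM
      MetricName: IamPolicyChangeCount
      Statistic: Sum
      Period: 60
      EvaluationPeriods: 1
      Threshold: 1
      ComparisonOperator: GreaterThanOrEqualToThreshold
      TreatMissingData: notBreaching   # a period with no matches is normal, not an alarm
      AlarmActions:
        - !Ref OpsAlertTopic
```

Deploying the stack prompts the operations address to confirm the SNS subscription; until that is confirmed the alarm changes state but no email is delivered.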
Risk Identification, Monitoring and Analysis