ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A media company hosts multiple web applications in several AWS accounts. The security team runs an on-premises SIEM that must receive security findings within seconds to trigger incident response playbooks. They want to avoid building and operating custom polling jobs or log shipping agents. Which approach delivers the required near-real-time visibility with the least operational overhead?
Stream CloudTrail and VPC Flow Logs through Kinesis Data Firehose with a 15-minute buffer interval to an S3 bucket that the SIEM polls.
Deploy a Lambda function in each account that tail-follows CloudWatch Logs and pushes entries to the SIEM over Syslog.
Rely on AWS Config rules to detect non-compliant resources and forward evaluation reports to the SIEM daily via Amazon SNS.
Enable Amazon GuardDuty in all accounts and use an EventBridge rule to send GuardDuty findings to an HTTPS API destination in the SIEM account.
Amazon GuardDuty continuously analyzes CloudTrail management events, VPC Flow Logs, and DNS logs to generate security findings, such as reconnaissance or anomalous API calls, typically within minutes. GuardDuty can be enabled in every account and configured for centralized aggregation. It automatically sends each finding to Amazon EventBridge, which natively supports cross-account event routing. By creating an EventBridge rule that targets an HTTPS API destination pointing to the SIEM, findings are pushed to the platform almost immediately without the need for custom log collectors or scheduled jobs. The other options either rely on batch delivery (Kinesis Data Firehose with periodic buffering), still require building and managing data parsing functions (Lambda transformations), or generate configuration compliance snapshots instead of real-time threat findings (AWS Config). Therefore, enabling GuardDuty with EventBridge routing best meets the requirement for rapid detection with minimal operational effort.
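As an added illustration (not part of the question page or of any AWS code), the following shows the EventBridge event pattern a SIEM-bound rule would use to select GuardDuty findings at or above medium severity, a small matcher that evaluates a constructed finding against that pattern, and the flattening an IR playbook would key on. The pattern syntax and the GuardDuty field names are real; the sample event values, the function names, and the severity threshold of 4 are assumptions.

```python
# Added example: filter GuardDuty findings the way an EventBridge rule does
# before they reach the SIEM's HTTPS API destination (constructed data only).
import operator
# Real EventBridge event-pattern syntax: match GuardDuty findings whose
# severity is at least 4 (GuardDuty labels 4.0-6.9 medium, 7.0-8.9 high).
SIEM_RULE_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 4]}]},
}

_OPS = {">": operator.gt, ">=": operator.ge, "<": operator.lt, "<=": operator.le}

def _value_matches(value, alternatives):
    """One pattern field: a list of literals and/or numeric-comparison objects."""
    for alt in alternatives:
        if isinstance(alt, dict) and "numeric" in alt:
            ops = alt["numeric"]  # e.g. [">=", 4] or a range [">", 0, "<=", 5]
            if isinstance(value, (int, float)) and all(
                    _OPS[op](value, bound) for op, bound in zip(ops[0::2], ops[1::2])):
                return True
        elif value == alt:
            return True
    return False

def matches(pattern, event):
    """Subset of EventBridge matching: every pattern key must be present and satisfied."""
    for key, rule in pattern.items():
        if key not in event:
            return False
        if isinstance(rule, dict):
            if not isinstance(event[key], dict) or not matches(rule, event[key]):
                return False
        elif not _value_matches(event[key], rule):
            return False
    return True

def to_siem_record(event):
    """Flatten the fields an IR playbook keys on (field names are GuardDuty's)."""
    d = event["detail"]
    return {"finding_id": d["id"], "account": d["accountId"], "region": d["region"],
            "type": d["type"], "severity": d["severity"], "title": d["title"]}

SAMPLE_FINDING = {  # constructed sample in the shape EventBridge delivers findings
    "source": "aws.guardduty", "detail-type": "GuardDuty Finding",
    "detail": {"id": "EXAMPLE-FINDING-ID", "accountId": "111122223333",
               "region": "us-east-1", "severity": 5,
               "type": "Recon:EC2/PortProbeUnprotectedPort",
               "title": "Unprotected port on EC2 instance is being probed."}}
```

The same pattern, pasted into an EventBridge rule, is what keeps low-severity noise from reaching the SIEM while still delivering findings within seconds of GuardDuty emitting them.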
ISC2 Systems Security Certified Practitioner (SSCP)
Risk Identification, Monitoring and Analysis