ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A security administrator must satisfy corporate policy requiring a quarterly audit that verifies no S3 bucket allows public read access and that no security group permits inbound SSH from 0.0.0.0/0. The team wants to automate the evaluation, track historical compliance status, and receive a consolidated compliance report each month with minimal manual effort. Which solution best meets these requirements?
Enable AWS CloudTrail and run scheduled Amazon Athena queries each quarter to identify public S3 buckets and open SSH ports, then email the query results.
Configure AWS Config with the managed rules s3-bucket-public-read-prohibited and restricted-ssh, enable an aggregator across all accounts, and schedule monthly compliance reports to S3.
Turn on Amazon GuardDuty and create CloudWatch alarms that notify the team when findings related to public S3 access or SSH brute-force attempts are generated.
Purchase a Business Support plan and rely on AWS Trusted Advisor's weekly email reports to flag publicly accessible S3 buckets and open SSH ports.
AWS Config continuously records resource configurations and evaluates them against managed rules such as s3-bucket-public-read-prohibited and restricted-ssh. It keeps a historical compliance timeline, can aggregate results across multiple accounts, and exports periodic compliance reports to an S3 bucket, satisfying the need for automated, ongoing assessment and monthly reporting with little operational overhead.
CloudTrail plus Athena would require building and maintaining custom queries and reports and only provides event data, not configuration compliance status. GuardDuty focuses on threat detection rather than configuration compliance, and it does not offer built-in compliance reports. Trusted Advisor's weekly emails cover only some best-practice checks and cannot be customized to include all required controls or produce monthly consolidated reports, so it does not meet the stated needs.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is AWS Config and how does it help in compliance management?
Open an interactive chat with Bash
How does AWS Config differ from AWS CloudTrail?
Open an interactive chat with Bash
What is the purpose of the managed rule 's3-bucket-public-read-prohibited'?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Security Concepts and Practices
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .