ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A security analyst investigating a potential privilege-escalation incident discovers that an IAM role was modified to attach the AdministratorAccess policy. The incident-response playbook requires collecting a log that shows the exact API call, the calling principal, source IP address, and timestamp before escalating the case to the CSIRT. Which AWS data source will most reliably provide all of this information?
VPC Flow Logs for the role's attached network interfaces
AWS Config configuration snapshots
Amazon CloudWatch metrics collected for IAM service events
AWS CloudTrail records management events for every IAM API call, including PutRolePolicy and AttachRolePolicy. Each event entry contains the requestor's identity, source IP address, AWS Region, timestamp, request parameters, and outcome, giving the incident-response team the detailed context needed for triage and escalation.
AWS Config retains configuration snapshots but does not capture the caller's identity or network origin. VPC Flow Logs record network traffic metadata, not IAM API activity. CloudWatch metrics can alert on IAM changes only if custom metrics are published; they do not natively include granular event details. Therefore, CloudTrail management events are the most complete and reliable evidence source.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is AWS CloudTrail, and why is it reliable for tracking IAM API calls?
Open an interactive chat with Bash
What are AWS Config and its limitations in capturing IAM API activity?
Open an interactive chat with Bash
How do VPC Flow Logs differ from CloudTrail when monitoring AWS activity?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Incident Response and Recovery
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .