ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A security analyst is investigating a possible slow-moving data exfiltration that may have taken place during the last four weeks. All firewall, proxy, and DLP events are collected in the organization's SIEM with timestamps normalized to UTC. To quickly highlight periods of abnormal outbound byte volume across days and hours-and still allow drill-down into specific time windows-which type of visualization will best support the analyst's timeline analysis?
A scatter plot showing source IP addresses on the X-axis and destination ports on the Y-axis for all outbound flows.
A heat map that plots outbound byte counts with days on one axis and hours of the day on the other, using color intensity to indicate volume.
A treemap that groups events by protocol inside rectangles sized by source subnet traffic volume.
A pie chart summarizing the proportion of outbound traffic sent to each destination country during the four-week period.
A day-by-hour heat map is specifically designed for time-series exploration. By placing days on one axis and hours on the other, each cell's color intensity immediately exposes spikes or gaps in activity, letting the analyst see when outbound traffic deviates from the established baseline. The display keeps the temporal relationship of events intact and allows rapid selection of suspicious cells for deeper inquiry. Pie charts aggregate data and hide temporal sequencing, scatter plots focus on relationships between categorical pairs rather than time, and treemaps emphasize hierarchical composition rather than chronological trends-none of which serve the primary need of visualizing volume changes over a multi-week timeline.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a SIEM and why is it important for security analysis?
Open an interactive chat with Bash
How does a heat map support data analysis better than other visualization types?
Open an interactive chat with Bash
What is the benefit of UTC normalization in event timestamps?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Risk Identification, Monitoring and Analysis
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .