ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A security engineer is conducting an architecture risk review for a new serverless analytics pipeline that ingests files into an S3 bucket, triggers a Lambda function for processing, and stores the output in DynamoDB. The review must focus on design flaws that could enable an attacker who gains access to one component to move laterally or escalate privileges within the workload. Which activity during the review will best surface this specific risk before production deployment?
Review the Lambda function's IAM execution role and its trust policy to verify that only required permissions and principals are allowed.
Subscribe the application to AWS Shield Advanced to obtain DDoS detection and response support from AWS.
Configure DynamoDB auto scaling policies to ensure that the table adapts to variable workloads without throttling.
Enable S3 server access logging to monitor and later analyze read and write operations on the ingestion bucket.
Analyzing the IAM role trust policy and permission statements for the Lambda function directly addresses whether the function can assume unnecessary privileges or be invoked by unintended principals. This task exposes lateral-movement and privilege-escalation paths that arise from overly broad or improperly scoped IAM policies, one of the most common architecture-level flaws in serverless designs. While the other actions increase security or reliability, they do not specifically identify escalation vectors: S3 access logs detect events after the fact, DynamoDB auto scaling is performance focused, and AWS Shield Advanced mitigates DDoS attacks without assessing internal privilege boundaries.
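To make the review step concrete, here is an added Python example (not from the original question or from ISC2) that applies the checks described above to an execution role's trust policy and permissions policy. The policy documents are constructed samples that mirror the pipeline in the question; the account ID, bucket, table and role names are placeholders, and the set of "escalation-capable" actions is an analyst's heuristic rather than an AWS-defined list.

```python
"""Heuristic review of a Lambda execution role: trust policy and permissions.

Flags the conditions the explanation calls out: principals other than the
Lambda service allowed to assume the role, wildcard principals, wildcard
actions/resources, and actions that commonly enable privilege escalation.
All policy documents below are constructed samples, not real account data.
"""
from typing import Any

EXPECTED_SERVICE = "lambda.amazonaws.com"
# Analyst-chosen heuristic list (hypothetical, not an AWS-defined category):
# actions that let a compromised function acquire another identity's rights.
ESCALATION_ACTIONS = {"sts:assumerole", "iam:passrole", "iam:*", "sts:*"}


def _as_list(value: Any) -> list:
    """IAM JSON allows a string or a list in most fields; normalise to list."""
    return value if isinstance(value, list) else [value]


def review_trust_policy(policy: dict, expected_service: str = EXPECTED_SERVICE) -> list[str]:
    """Return findings for every Allow sts:AssumeRole statement whose principal
    is anything other than the expected Lambda service principal."""
    findings: list[str] = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal")
        if principal == "*" or principal == {"AWS": "*"}:
            findings.append("trust: any principal may assume the role")
            continue
        if not isinstance(principal, dict):
            continue
        for ptype, values in principal.items():
            for v in _as_list(values):
                if ptype == "Service" and v == expected_service:
                    continue  # the one principal this role is meant to trust
                if "*" in v:
                    findings.append(f"trust: wildcard {ptype} principal {v}")
                else:
                    findings.append(f"trust: unexpected {ptype} principal {v}")
    return findings


def review_permissions(policy: dict) -> list[str]:
    """Return findings for wildcard actions/resources and escalation-capable actions."""
    findings: list[str] = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        # Keep list order so findings are deterministic.
        for action in [a.lower() for a in _as_list(stmt.get("Action", []))]:
            if action == "*" or action.endswith(":*"):
                findings.append(f"permissions: wildcard action {action}")
            elif action in ESCALATION_ACTIONS:
                findings.append(f"permissions: escalation-capable action {action}")
        if any(r == "*" for r in _as_list(stmt.get("Resource", []))):
            findings.append("permissions: wildcard resource")
    return findings


def review_role(trust_policy: dict, permissions_policy: dict) -> list[str]:
    """Combined review; an empty list means no heuristic finding."""
    return review_trust_policy(trust_policy) + review_permissions(permissions_policy)


# --- Constructed sample: a badly scoped role -------------------------------
OVERLY_BROAD_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"Service": ["lambda.amazonaws.com", "ec2.amazonaws.com"]}},
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "*"}},
]}
OVERLY_BROAD_PERMS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["s3:GetObject", "dynamodb:PutItem", "iam:PassRole", "s3:*"]},
]}

# --- Constructed sample: the same role scoped to the pipeline --------------
SCOPED_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"Service": "lambda.amazonaws.com"}},
]}
SCOPED_PERMS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-ingest-bucket/*"},            # placeholder
    {"Effect": "Allow", "Action": "dynamodb:PutItem",
     "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/ExampleOutput"},
    {"Effect": "Allow", "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
     "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/example:*"},
]}

if __name__ == "__main__":
    for name, t, p in (("broad", OVERLY_BROAD_TRUST, OVERLY_BROAD_PERMS),
                       ("scoped", SCOPED_TRUST, SCOPED_PERMS)):
        print(name, review_role(t, p) or "no findings")
```

Run against real policies, the same functions would take the JSON returned by `get-role` and `get-role-policy`; the point of the heuristics is to turn the abstract review item into a repeatable pre-deployment check, with the escalation-action list tuned to the organisation's own threat model.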
ISC2 Systems Security Certified Practitioner (SSCP)
Risk Identification, Monitoring and Analysis