🔥 40% Off Crucial Exams Memberships — This Week Only

2 days, 11 hours remaining!
Crucial Exams

ISC2 Systems Security Certified Practitioner (SSCP) Practice Question

A security team ingests AWS CloudTrail and VPC Flow Logs into an on-premises SIEM. Analysts complain that successful Describe* and List* API calls clog dashboards, masking higher-risk activity and inflating ingestion costs. Without eliminating visibility into unauthorized or write operations, which log-tuning change provides the MOST effective reduction of noise at the source?

  • Modify the existing CloudTrail trail to log only management events with a WriteOnly read/write type and to include events that return an Error response.

  • Change the CloudWatch Logs retention policy for the CloudTrail log group to one day so excess data is purged quickly.

  • Configure VPC Flow Logs to capture only 10% of accepted traffic and all rejected traffic before forwarding to the SIEM.

  • Disable the CloudWatch Logs subscription filter that forwards CloudTrail to the SIEM while continuing to archive the raw logs in Amazon S3.

ISC2 Systems Security Certified Practitioner (SSCP)
Risk Identification, Monitoring and Analysis
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot