ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
An operations team manages an Amazon EC2 Linux bastion host. A new security policy requires a host-based IDS that must (1) perform continuous log analysis for suspicious events, (2) provide real-time file integrity monitoring of /etc and /usr/bin, (3) forward alerts to the company's existing syslog-based SIEM, and (4) avoid installing any kernel-mode drivers that could violate AWS support policies. Which approach best meets these requirements with minimal additional tooling?
Install an OSSEC agent on the instance, enable its syscheck and logcollector modules, and configure OSSEC to forward alerts over syslog to the SIEM.
Rely on AWS CloudTrail and Amazon GuardDuty to detect unauthorized file changes and suspicious host log entries on the EC2 instance.
Schedule cron jobs to run md5sum on critical directories and upload the results to Amazon S3 for daily review with Amazon Athena queries.
Enable VPC traffic mirroring to send instance traffic to a network IDS appliance that inspects packets for malicious signatures.
OSSEC is an open-source host-based intrusion detection system that runs entirely in user space, so it does not install kernel drivers that might conflict with AWS support guidelines. Its built-in logcollector module tails local system and application logs in real time, while the syscheck module monitors critical files and directories for unauthorized changes using cryptographic checksums. OSSEC can be configured to send alerts through standard syslog, allowing seamless integration with an on-premises SIEM.
A network IDS fed by VPC traffic mirroring cannot see host log entries or file changes. CloudTrail and GuardDuty analyze AWS control-plane and network telemetry but do not provide on-instance file integrity monitoring. A custom cron-based md5sum script offers only periodic, manual checking and lacks real-time log analysis or automated alert forwarding, so it does not satisfy the policy.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is OSSEC and why is it ideal for this scenario?
Open an interactive chat with Bash
What role does the syscheck module of OSSEC play?
Open an interactive chat with Bash
Why doesn't VPC traffic mirroring or AWS tools like CloudTrail and GuardDuty meet the requirements?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .