ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
During a recent audit, a security administrator learned that senior management wants visibility into geographic patterns of failed logon attempts. The organization's cloud-hosted SIEM already collects authentication events from every regional domain. To give executives an at-a-glance view during weekly risk meetings and to preserve data for long-term trend analysis, which SIEM configuration change should the administrator perform first?
Configure the platform to suppress low- and medium-severity failed logon events to reduce dashboard noise.
Enable real-time email alerts when any single host registers five failed logons within one minute.
Build a time-series line chart of failed logon counts per region covering the last 30 days.
Add a geographic map widget that shades each region by the number of failed logon events over a 7-day rolling window.
A geographic (choropleth or heat-map) widget immediately visualizes where failed logon attempts are coming from, meeting management's request for geographic patterns. Displaying counts per region over a 7-day rolling window aligns with weekly review cycles while still retaining sufficient history for trend analysis. A time-series line chart can show growth over time but lacks spatial context. Real-time email alerts address incident response rather than strategic visibility. Suppressing lower-severity events or deleting detailed logs would remove data needed for accurate long-term pattern recognition.
ISC2 Systems Security Certified Practitioner (SSCP)
Risk Identification, Monitoring and Analysis