🔥 40% Off Crucial Exams Memberships — This Week Only

2 days, 12 hours remaining!
Crucial Exams

ISC2 Systems Security Certified Practitioner (SSCP) Practice Question

During a security monitoring review, an organization discovers that its SOC ignores many notifications generated whenever a single server briefly exceeds its baseline for failed-login attempts. The security analyst must reconfigure notifications so the SOC receives an alert only when abnormal spikes persist across multiple evaluation periods, while still acting in near real time. Which configuration change BEST meets this requirement?

  • Disable near-real-time alerts and instead generate an hourly summary report of failed-login anomalies for manual SOC review.

  • Forward all failed-login events to the data lake for weekly audit analysis rather than sending live notifications.

  • Create a dynamic (statistical) threshold that triggers only after the baseline is breached in two consecutive evaluation periods and route the alert to the SOC's notification channel.

  • Keep the existing static threshold but change the notification to fire on every evaluation period regardless of duration.

ISC2 Systems Security Certified Practitioner (SSCP)
Risk Identification, Monitoring and Analysis
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot