ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
While reviewing Amazon GuardDuty alerts, a security analyst notes repeated port-scan findings against several EC2 instances in a production VPC. The incident response plan requires documenting the evidence, preserving its integrity for audits, and promptly notifying operations and compliance staff. Which solution meets these requirements using AWS-native services?
Capture console screenshots of each finding, store the images on a developer laptop, and email them directly to the operations team.
Disable GuardDuty to stop additional alerts, then open a Jira ticket summarizing the incident without attaching supporting log data.
Post the finding IDs in a shared Slack channel and instruct engineers to investigate further when time permits.
Continuously export GuardDuty findings to an encrypted S3 bucket with Object Lock enabled, aggregate them in AWS Security Hub, and trigger an SNS email notification to the operations and compliance lists.
Exporting GuardDuty findings to an encrypted Amazon S3 bucket guarantees that the raw evidence is captured in its original format. Enabling S3 Object Lock (governance or compliance mode) prevents the records from being altered or deleted, preserving chain-of-custody for future audits. Aggregating the same findings in AWS Security Hub maintains a central view of the issue, and an Amazon SNS subscription provides an automated, tamper-evident channel to email both the operations and compliance teams. The other options either fail to preserve integrity (screenshots, Slack messages, Jira summary) or do not include a secure, automated notification mechanism.
ISC2 Systems Security Certified Practitioner (SSCP)
Risk Identification, Monitoring and Analysis