ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company has multiple AWS accounts linked with AWS Organizations. The security team wants an automated solution that can immediately apply machine-learning techniques to CloudTrail management events, VPC Flow Logs, and DNS query logs in every member account to identify unusual API calls, reconnaissance activity, and potentially compromised EC2 instances. The team does not want to build or manage any additional infrastructure. Which approach best meets these requirements?
Build a custom anomaly-detection pipeline in Amazon SageMaker that ingests the logs from each account, trains a model, and raises Amazon SNS alerts on suspicious behavior.
Create AWS Config custom rules in each account to evaluate resource changes and publish non-compliant events to an Amazon EventBridge bus for analysis.
Turn on CloudTrail Insights in every account and configure Amazon CloudWatch metric filters and alarms to flag spikes in API call volume.
Enable Amazon GuardDuty for all member accounts through AWS Organizations and allow it to continuously analyze CloudTrail, VPC Flow Logs, and DNS logs for threats using built-in machine-learning models.
The option that enables Amazon GuardDuty at the organization level is correct because GuardDuty is a native, fully managed AWS threat-detection service: once delegated through AWS Organizations it automatically consumes CloudTrail management events, VPC Flow Logs, and DNS query logs from every member account and applies machine-learning and threat-intelligence models to identify anomalous or malicious activity. Because the service is fully managed, the security team does not need to build or maintain any infrastructure.
Building a custom anomaly-detection model in Amazon SageMaker would satisfy the machine-learning requirement, but it demands significant data-engineering effort, model training, and ongoing infrastructure management, which conflicts with the requirement not to build or manage additional infrastructure. Enabling CloudTrail Insights adds anomaly detection for API call volume only; it does not analyze VPC Flow Logs or DNS logs and does not provide threat intelligence. AWS Config rules detect configuration drift but do not perform machine-learning-based behavioral analytics on traffic or API patterns. Therefore, enabling Amazon GuardDuty organization-wide is the most effective and operationally efficient choice.
Systems and Application Security