ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company has multiple AWS accounts. You must detect credential-compromise indicators (unusual API calls, EC2 port scans, and DNS-based data exfiltration) using a fully managed service that analyzes CloudTrail, VPC Flow Logs, and DNS queries without host agents. The solution must be enabled once in the management account and automatically aggregate findings for all current and future organization accounts with minimal ongoing effort. Which approach satisfies these requirements?
Stream CloudTrail logs from all accounts to a centralized S3 bucket, then schedule AWS Lambda functions to run Amazon Athena queries that look for outliers.
Activate Amazon Macie in every account and analyze S3 server access logs for unusual read and copy operations.
Enable Amazon GuardDuty in the organization's management account and automatically enroll all member accounts to aggregate machine-learning security findings.
Configure AWS Config conformance packs in each account and use Amazon CloudWatch Events to alert on any non-compliant resources.
Enabling Amazon GuardDuty in the organization's management account and automatically enrolling member accounts activates a fully managed threat-detection service that ingests CloudTrail, VPC Flow Logs, and DNS query logs. GuardDuty applies machine-learning analytics and threat-intelligence feeds to surface anomalous API usage, reconnaissance activity, and data-exfiltration attempts without deploying host agents. Its multi-account administration lets the management (or delegated administrator) account auto-enable GuardDuty in existing and new member accounts and view all findings centrally.
AWS Config conformance packs evaluate resource configurations, not runtime threats. Amazon Macie focuses on S3 data classification and S3 access anomalies, ignoring VPC Flow Logs and broader CloudTrail events. A custom S3-Athena-Lambda pipeline could work but demands significant engineering and maintenance, contradicting the requirement for a fully managed, low-overhead solution.
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security