ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company hosts a Java web application on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer. The security team must detect brute-force login attempts by monitoring the application's log file (app.log) in near real time and must keep the logs for 90 days. Which solution provides the required visibility and retention while minimizing ongoing operational effort?
Enable VPC Flow Logs for the application subnets, export logs to an S3 bucket with a 90-day lifecycle rule, and turn on Amazon GuardDuty to alert on suspicious activity.
Keep app.log on each EC2 instance's EBS volume, run a daily cron job to search for failed logins and email a report, and rotate and delete logs older than 90 days.
Install and configure the CloudWatch Logs agent on each instance to stream app.log to a CloudWatch Logs group, create a metric filter for failed logins, and set the log group retention period to 90 days.
Enable S3 server access logging on the application's artifact bucket, deliver logs to CloudTrail Lake, and query weekly with Amazon Athena to find repeated login failures.
Streaming each instance's app.log to Amazon CloudWatch Logs with the CloudWatch Logs/CloudWatch unified agent enables near-real-time central collection. A metric filter can automatically search the stream for patterns that indicate repeated login failures and trigger CloudWatch alarms for the security team. CloudWatch Logs groups support a configurable retention policy, so setting it to 90 days satisfies the data-retention requirement with no custom scripts or additional infrastructure.
VPC Flow Logs record network metadata, not application-level events, so they cannot detect failed logins in the application log. A local cron job requires custom parsing, manual email handling, and lacks real-time alerting. S3 access logs and CloudTrail Lake capture S3-related events, not application logins, and still need additional processing for detection.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of the CloudWatch Logs agent?
Open an interactive chat with Bash
Why is CloudWatch better for detecting application-level events compared to VPC Flow Logs?
Open an interactive chat with Bash
How does log retention work in CloudWatch Log Groups?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Risk Identification, Monitoring and Analysis
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .