ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company runs a highly available REST API on Amazon EC2 instances behind an Application Load Balancer in a VPC spanning two Availability Zones. The security team must add an intrusion detection capability that can automatically analyze VPC traffic to identify activities such as port scans and cryptocurrency mining without you having to deploy or maintain additional monitoring infrastructure. Which AWS option best meets these requirements?
Turn on VPC Flow Logs for all subnets and create CloudWatch metric filters and alarms for known malicious IP addresses and ports.
Use VPC Traffic Mirroring to forward all traffic to self-managed Suricata IDS instances running in a separate monitoring VPC.
Deploy AWS Network Firewall with managed threat signature rules to inspect all outbound and inbound traffic.
Enable Amazon GuardDuty for the AWS account and configure findings to send alerts to Amazon CloudWatch Events.
Enabling Amazon GuardDuty provides a managed intrusion-detection capability that needs no additional appliances or sensors. GuardDuty continuously analyzes VPC Flow Logs, AWS CloudTrail management event logs, and DNS query logs, applying machine-learning models and AWS threat-intelligence feeds to detect events such as port scans, brute-force attempts, and cryptocurrency mining. It automatically generates actionable findings that can be sent to CloudWatch Events for alerting.
Simply enabling VPC Flow Logs and creating CloudWatch metric filters offers raw network metadata but leaves the burden of developing, updating, and tuning detection logic to the customer, so threats may be missed. AWS Network Firewall focuses on stateful inspection and intrusion prevention; it still requires provisioning and managing firewall endpoints in each Availability Zone, increasing operational overhead. Using VPC Traffic Mirroring with self-managed Suricata instances achieves deep packet inspection but demands you deploy, scale, and maintain the IDS infrastructure yourself. GuardDuty alone fulfills the security and operational requirements most effectively.
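One way to implement the alerting step, as an added example that is not part of the question page or of AWS's own tooling: the rule pattern an EventBridge (formerly CloudWatch Events) rule takes to forward high-severity GuardDuty findings, together with a simplified local re-implementation of EventBridge's matching so the routing can be exercised offline against constructed sample findings (the sample events, their severities and the matcher itself are assumptions, not live GuardDuty output).

```python
import operator

# EventBridge (formerly CloudWatch Events) rule pattern: GuardDuty findings with
# severity 7 or higher, using the operators EventBridge's "numeric" matcher supports.
HIGH_SEVERITY_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 7]}]},
}
_OPS = {">": operator.gt, ">=": operator.ge, "<": operator.lt,
        "<=": operator.le, "=": operator.eq}

def _numeric_ok(actual, spec):
    """spec is [op, value] or [op, value, op, value]; every comparison must hold."""
    return isinstance(actual, (int, float)) and all(
        _OPS[spec[i]](actual, spec[i + 1]) for i in range(0, len(spec), 2))

def _field_ok(actual, allowed):
    """A field matches when any entry in the allowed list matches it."""
    return any(_numeric_ok(actual, e["numeric"]) if isinstance(e, dict) else actual == e
               for e in allowed)

def event_matches(event, pattern):
    """Every pattern key must be present and match; nested dicts recurse."""
    for key, allowed in pattern.items():
        if key not in event:
            return False
        if isinstance(allowed, dict):
            if not isinstance(event[key], dict) or not event_matches(event[key], allowed):
                return False
        elif not _field_ok(event[key], allowed):
            return False
    return True

def route_findings(events, pattern=HIGH_SEVERITY_PATTERN):
    """Return (finding type, severity) for each event the rule would forward."""
    return [(e["detail"]["type"], e["detail"]["severity"])
            for e in events if event_matches(e, pattern)]

# Constructed sample events shaped like GuardDuty findings delivered through
# EventBridge; severities are illustrative, not GuardDuty's published ratings.
SAMPLE_EVENTS = [
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"type": "Recon:EC2/Portscan", "severity": 5}},
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"type": "CryptoCurrency:EC2/BitcoinTool.B!DNS", "severity": 8}},
    {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification",
     "detail": {"type": "n/a", "severity": 9}},  # right shape, wrong source
]
```

Lowering the threshold in the pattern (or adding a second rule with a `numeric` range) is how the same mechanism fans medium-severity findings to a lower-priority target.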