ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company streams AWS CloudTrail and VPC Flow Logs to a cloud-hosted SIEM via Kinesis Data Firehose. Management now requires that every critical alert be assigned, updated, and closed in a way that can later be audited to verify who performed each action. Which SIEM capability MOST directly satisfies this incident-tracking requirement?
Dynamic log normalization templates for diverse AWS log sources
User and entity behavior analytics (UEBA) module to detect anomalous activity
Real-time correlation rules that tag events with MITRE ATT&CK techniques
Integrated case management or ticketing workflow that links alerts to incidents
Incident tracking focuses on following an alert from initial detection through investigation and remediation while recording ownership, status changes, and evidence. A built-in case management or ticketing workflow lets analysts create an incident record, assign it, document actions, and close it, preserving an audit trail for later review. Log normalization, UEBA analytics, and correlation with ATT&CK enrich detection quality but do not provide the workflow or status life-cycle needed to track incident handling.
Risk Identification, Monitoring and Analysis