ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your organization hosts a three-tier web application in a single Amazon VPC. Security operations has received a Snort rule that precisely matches the byte sequence of a newly discovered remote-code-execution exploit. The team must begin monitoring all traffic between EC2 instances today, generate alerts when the signature is seen, and ensure that no packets are blocked. Which approach most effectively meets these requirements while minimizing false positives?
Mirror all relevant ENI traffic with Amazon VPC Traffic Mirroring to a dedicated signature-based NIDS instance loaded with the new rule.
Deploy an inline heuristic IPS that uses machine-learning models to automatically block any suspicious connections.
Enable an anomaly-based IDS that learns baseline behavior and raises alerts on deviations after a training period.
Turn on VPC Flow Logs and analyze them with Amazon Athena to search for the exploit's byte sequence.
Using Amazon VPC Traffic Mirroring to send copies of packets from the application's elastic network interfaces (ENIs) to an out-of-band, signature-based network intrusion detection system (NIDS) satisfies every requirement. Traffic Mirroring lets a sensor on a dedicated monitoring instance receive full packet payloads from other instances, even though promiscuous-mode sniffing does not work inside a VPC. Loading the exact exploit signature into the NIDS gives immediate detection with a very low false-positive rate, and because the sensor is passive it raises alerts without blocking any traffic.
In practice, a few settings decide whether the sensor actually sees the signature: mirrored packets are delivered to the target ENI as VXLAN encapsulation on UDP port 4789, so the target's security group must allow that port and the sensor must decode VXLAN; the mirror filter needs rules for both inbound and outbound traffic on the relevant protocols and ports; and the session's packet-length setting should be left at the full packet, because a truncated copy can cut off the payload bytes the rule matches. Mirror sources must be supported (chiefly Nitro-based) instance types, and mirrored traffic counts against the source instance's network bandwidth.
An inline IPS would violate the "do not block packets" requirement, and a heuristic model that blocks "suspicious" connections is also the most likely of the four options to generate false positives. An anomaly-based IDS needs a training period before it can alert and tends toward higher false positives, so it cannot start matching a known signature today. VPC Flow Logs record only flow metadata (addresses, ports, protocol, byte and packet counts, accept/reject action), not payloads, so they cannot match a byte sequence.
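The following Python script is an added example, not code from the question page or from AWS: it shows what the passive sensor behind a mirror target does with one mirrored packet. It decapsulates the VXLAN wrapper, walks Ethernet/IPv4/TCP to the payload, and matches the byte sequence taken from a Snort content option, raising an alert record without touching the original traffic. The rule, the "exploit" bytes, the addresses and the VNI are all constructed for illustration and describe no real exploit; the truncated-copy case shows why the mirror session's packet-length setting matters.

```python
"""Added example (not from the original question page): decapsulate a VPC
Traffic Mirroring packet and match a Snort content signature against the
inner TCP payload, the way a passive NIDS behind a mirror target would.

Assumptions: mirrored packets arrive as VXLAN (UDP/4789) data, the inner
frame is Ethernet/IPv4/TCP, and the rule, payload, addresses and VNI below
are constructed for illustration; they describe no real exploit.
"""
from __future__ import annotations

import re
import socket
import struct

# Constructed rule: a hypothetical RCE probe carrying the bytes CA FE "EXEC" 00.
EXAMPLE_RULE = (
    'alert tcp any any -> any 8080 (msg:"Hypothetical RCE probe"; '
    'content:"|CA FE|EXEC|00|"; sid:1000001; rev:1;)'
)


def snort_content_bytes(rule: str) -> bytes:
    """Return the first content:"..." option of a Snort rule as raw bytes.
    Text between |...| is hex; text outside it is literal with \\-escapes
    (an escaped pipe inside the literal part is not handled here)."""
    m = re.search(r'content:"((?:[^"\\]|\\.)*)"', rule)
    if m is None:
        raise ValueError("rule has no content option")
    out = bytearray()
    for i, part in enumerate(m.group(1).split("|")):
        if i % 2:  # odd-numbered pieces sit between pipes: hex bytes
            out += bytes.fromhex(part.replace(" ", ""))
        else:      # literal text: drop backslash escapes such as \" and \;
            out += re.sub(r"\\(.)", r"\1", part).encode("latin-1")
    return bytes(out)


def build_mirrored_packet(vni: int, payload: bytes, src: str = "10.0.1.10",
                          dst: str = "10.0.2.20", sport: int = 49152,
                          dport: int = 8080) -> bytes:
    """Constructed sample of what the sensor reads from UDP/4789: an 8-byte
    VXLAN header followed by the original Ethernet/IPv4/TCP frame.
    IP and TCP checksums are left at zero; this example does not verify them."""
    vxlan = struct.pack("!B3s3sB", 0x08, b"\x00" * 3, vni.to_bytes(3, "big"), 0)
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return vxlan + eth + ip + tcp + payload


def decapsulate_vxlan(data: bytes) -> tuple[int, bytes]:
    """Strip the VXLAN header; return (VNI of the mirror session, inner frame)."""
    if len(data) < 8 or not data[0] & 0x08:
        raise ValueError("not a VXLAN packet with a valid VNI")
    return int.from_bytes(data[4:7], "big"), data[8:]


def parse_inner(frame: bytes) -> dict | None:
    """Walk Ethernet -> IPv4 -> TCP; return addressing plus the TCP payload,
    or None for anything that is not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6 or len(ip) < ihl + 20:
        return None
    tcp = ip[ihl:]
    doff = (tcp[12] >> 4) * 4
    return {
        "src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
        "sport": struct.unpack("!H", tcp[0:2])[0],
        "dport": struct.unpack("!H", tcp[2:4])[0],
        "payload": tcp[doff:],
    }


def match_signature(mirrored: bytes, signature: bytes) -> dict | None:
    """Return an alert record if the signature occurs in the mirrored packet's
    TCP payload, else None. Nothing is blocked: the sensor only sees copies."""
    vni, frame = decapsulate_vxlan(mirrored)
    pkt = parse_inner(frame)
    if pkt is None:
        return None
    offset = pkt["payload"].find(signature)
    if offset < 0:
        return None
    return {"vni": vni, "src": f'{pkt["src"]}:{pkt["sport"]}',
            "dst": f'{pkt["dst"]}:{pkt["dport"]}', "payload_offset": offset}


# Constructed exploit attempt: an HTTP POST whose body carries the signature.
EXPLOIT_PAYLOAD = (b"POST /api/run HTTP/1.1\r\nHost: app\r\n"
                   b"Content-Length: 7\r\n\r\n" + b"\xca\xfeEXEC\x00")
SIGNATURE = snort_content_bytes(EXAMPLE_RULE)
MIRRORED = build_mirrored_packet(vni=12345, payload=EXPLOIT_PAYLOAD)

# Simulated mirror session that copies only the first 64 bytes of each inner
# frame (a packet-length limit): the headers arrive, the body does not.
TRUNCATED = MIRRORED[:8 + 64]

if __name__ == "__main__":
    print("full packet :", match_signature(MIRRORED, SIGNATURE))
    print("truncated   :", match_signature(TRUNCATED, SIGNATURE))
```

Run it as a script to see the alert for the full copy and `None` for the truncated one. A production sensor would hand the decapsulated frames to Snort or Suricata, both of which decode VXLAN natively, rather than hand-parsing them; the point here is that the match depends on the payload bytes reaching the sensor intact.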
ISC2 Systems Security Certified Practitioner (SSCP)
Network and Communication Security