ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your organization just enabled AWS CloudTrail, VPC Flow Logs, and application logs in a new multi-account environment. Before the security team turns on automated anomaly-detection rules in its SIEM, it wants to establish a reliable security baseline. Which action best supports that goal while aligning with industry guidance on baseline creation?
Archive all raw logs to Amazon S3 Glacier and enable anomaly detection after the archival policy is in place.
Collect and profile typical log activity across all accounts for at least one complete business cycle, then use the results to tune detection rules.
Disable logging from development accounts to minimize noise before establishing any thresholds.
Immediately configure AWS-managed CloudWatch alarms that use default thresholds for all metrics and logs.
A security baseline must represent "normal" behavior so that deviations can be flagged confidently. Capturing and profiling routine log activity for at least one full business cycle allows analysts to understand expected user patterns, seasonal workload fluctuations, and regional differences. Only after that data is characterized can threshold-based or machine-learning detectors be tuned properly. Immediately creating thresholds without historical data, suppressing logs from development accounts, or archiving data before analysis either eliminates critical context or pushes the problem forward, hindering accurate anomaly detection.
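The profiling step the explanation describes can be made concrete. The script below is an added example, not part of the question bank or any AWS tooling: it takes one full weekly cycle of constructed hourly CloudTrail-style event counts for two made-up account IDs, buckets them by account, weekday-versus-weekend and hour of day, derives a per-bucket upper threshold from the observed mean and standard deviation, and only then evaluates new observations. The account IDs, counts and the 3-sigma rule are all assumptions chosen for illustration; a real baseline would use the organization's own logs and a sigma (or percentile) tuned to its tolerance for false positives.

```python
"""Build a security baseline from one full business cycle before tuning rules.

Added example (not from the original page). All log data here is constructed;
account IDs and volumes are made up. Field names loosely follow CloudTrail's
recipientAccountId / eventTime, but nothing is read from a real trail.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev

PROD_ACCOUNT = "111111111111"   # hypothetical production account
DEV_ACCOUNT = "222222222222"    # hypothetical development account
CYCLE_START = datetime(2024, 1, 1, tzinfo=timezone.utc)  # a Monday
CYCLE_HOURS = 7 * 24            # one weekly business cycle


def constructed_hourly_counts():
    """Return (account_id, timestamp, event_count) rows for one weekly cycle.

    The shape is deliberate: prod peaks during weekday business hours, dev is
    lower-volume. A small deterministic jitter keeps the spread non-zero.
    """
    rows = []
    for offset in range(CYCLE_HOURS):
        ts = CYCLE_START + timedelta(hours=offset)
        busy = ts.weekday() < 5 and 8 <= ts.hour < 18
        jitter = (offset % 5) - 2                 # -2..2, constructed noise
        rows.append((PROD_ACCOUNT, ts, (120 if busy else 30) + jitter))
        rows.append((DEV_ACCOUNT, ts, (40 if busy else 10) + jitter))
    return rows


def bucket_key(account_id, ts):
    """Profile per account, weekday-vs-weekend, and hour of day.

    This is what captures the 'seasonal' context: 3 AM and 10 AM on a
    weekday are different populations and must not share one threshold.
    """
    day_type = "weekday" if ts.weekday() < 5 else "weekend"
    return (account_id, day_type, ts.hour)


def build_baseline(rows, sigma=3.0):
    """Return {bucket: (mean, stdev, upper_threshold)} from a full cycle.

    sigma is an assumed tuning knob; the floor of 1.0 on the deviation stops
    a perfectly flat bucket from alerting on a single extra event.
    """
    samples = defaultdict(list)
    for account_id, ts, count in rows:
        samples[bucket_key(account_id, ts)].append(count)
    baseline = {}
    for key, values in samples.items():
        mu, sd = mean(values), pstdev(values)
        baseline[key] = (mu, sd, mu + sigma * max(sd, 1.0))
    return baseline


def is_anomalous(baseline, account_id, iso_timestamp, count):
    """True if count exceeds the learned threshold for its bucket.

    A bucket never seen during the cycle is surfaced for review rather than
    silently accepted: 'unknown' is not the same as 'normal'.
    """
    ts = datetime.fromisoformat(iso_timestamp)
    key = bucket_key(account_id, ts)
    if key not in baseline:
        return True
    return count > baseline[key][2]


if __name__ == "__main__":
    baseline = build_baseline(constructed_hourly_counts())
    # Same raw count, two different conclusions, because the baseline is
    # conditioned on time of day rather than a single global threshold.
    for when in ("2024-01-08T10:00:00+00:00", "2024-01-08T03:00:00+00:00"):
        flagged = is_anomalous(baseline, PROD_ACCOUNT, when, 120)
        mu, sd, limit = baseline[bucket_key(PROD_ACCOUNT, datetime.fromisoformat(when))]
        print(f"{when} count=120 mean={mu:.1f} sd={sd:.2f} "
              f"limit={limit:.1f} anomalous={flagged}")
```

Running it shows the point of the correct answer: 120 events at 10:00 on a weekday is ordinary for the production account, while the same 120 events at 03:00 is far above that bucket's learned limit. A default, context-free threshold (as in the CloudWatch option) would have to be either so loose that the 03:00 burst passes or so tight that every weekday morning alerts.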
Risk Identification, Monitoring and Analysis