ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your organization runs several VPCs across multiple AWS accounts. Security policy requires the SOC to receive an alert within minutes whenever a security group is added, deleted, or modified. A multi-Region CloudTrail trail already records all management events, and the SOC subscribes to an SNS topic. Which AWS solution will detect these changes with the least custom code and keep response time under five minutes?
Add S3 event notifications to the CloudTrail log bucket to invoke a Lambda function that scans each log file and publishes any security group changes to SNS.
Create an EventBridge rule that matches CloudTrail management events for security-group API calls and routes the events to the existing SNS topic.
Configure a CloudWatch Logs metric filter on VPC Flow Logs for TCP port 22 traffic and create an alarm that sends notifications to the SNS topic.
Enable Amazon GuardDuty in every account and forward its findings stream to the SNS topic.
CloudTrail streams management events such as AuthorizeSecurityGroupIngress, RevokeSecurityGroupIngress, CreateSecurityGroup, and DeleteSecurityGroup to Amazon EventBridge (formerly CloudWatch Events) in near real time. A rule can match these API calls and publish them directly to an SNS topic, requiring no custom parsing or Lambda code.
Using S3 event notifications requires waiting for CloudTrail to batch-write logs and building a Lambda function, adding both delay and maintenance overhead. GuardDuty raises findings only for suspicious activity patterns, not for every security-group change, so it may miss routine modifications. VPC Flow Logs capture network traffic metadata, not API calls, so a metric filter on them cannot detect changes to security-group configurations.
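The EventBridge rule described above, as an added example that is not from the original page: the event pattern the rule would use, plus a small matcher that checks constructed CloudTrail-via-EventBridge events against it. The pattern includes the egress and ModifySecurityGroupRules API names in addition to the four the explanation lists; those additions, the user names and IP addresses are assumptions.

```python
# Added example (not from the page): an EventBridge event pattern for the
# CloudTrail management events that change a security group. Besides the
# four API names the explanation lists, the egress and ModifySecurityGroupRules
# calls (assumed additions) are included so those changes are not missed.
SG_CHANGE_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["ec2.amazonaws.com"],
        "eventName": [
            "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
            "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
            "CreateSecurityGroup", "DeleteSecurityGroup",
            "ModifySecurityGroupRules",
        ],
    },
}


def matches(pattern, event):
    """Minimal model of EventBridge matching: a list holds exact-value
    alternatives, a nested dict is matched recursively, a missing key fails."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True


def cloudtrail_event(event_name, user="alice", source_ip="203.0.113.10"):
    """Constructed event in the shape CloudTrail delivers to EventBridge."""
    return {"source": "aws.ec2", "detail-type": "AWS API Call via CloudTrail",
            "detail": {"eventSource": "ec2.amazonaws.com", "eventName": event_name,
                       "userIdentity": {"userName": user}, "sourceIPAddress": source_ip}}


def soc_message(event):
    """Text the SNS subscription would carry; None if not a security-group change."""
    if not matches(SG_CHANGE_PATTERN, event):
        return None
    d = event["detail"]
    return f"{d['eventName']} by {d['userIdentity']['userName']} from {d['sourceIPAddress']}"
```

In a real deployment the pattern is passed to the rule and the SNS topic is the rule's target; the matcher here only shows which events the rule would forward.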
ISC2 Systems Security Certified Practitioner (SSCP)
Risk Identification, Monitoring and Analysis