ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your organization uses the new Amazon Inspector to continuously scan Amazon EC2 instances and container images. Management needs a vulnerability-management reporting solution that (1) notifies DevOps engineers and the compliance manager within one hour whenever a critical finding is generated, (2) includes AWS-provided remediation guidance in the notification, and (3) preserves every finding as a tamper-evident historical record for future audits with minimal ongoing administration.
Which design best satisfies these requirements in alignment with AWS and vulnerability-management best practices?
Stream Amazon VPC Flow Logs to Amazon CloudWatch Logs, forward them to Splunk through a subscription filter, and generate vulnerability reports on demand.
Schedule a weekly export of Amazon Inspector findings to a CSV file, copy it to a local workstation, and e-mail it manually to stakeholders.
Configure an Amazon EventBridge rule for CRITICAL Amazon Inspector findings that invokes an AWS Lambda function; the function appends Inspector remediation guidance, publishes the message to an Amazon SNS topic subscribed by DevOps and compliance, and writes the full finding JSON to a versioned, private Amazon S3 bucket.
Enable Amazon GuardDuty and rely on its monthly summary e-mail to inform teams about any high-severity security issues discovered in the environment.
Publishing Amazon Inspector findings to Amazon EventBridge enables near-real-time processing. An EventBridge rule that filters for findings whose Severity.Label is CRITICAL can directly invoke an AWS Lambda function. The function reads the finding JSON (which already contains the remediation.recommendation text), enriches the message as needed, and then calls Amazon SNS to fan out the notification to email (or chat) subscribers such as DevOps engineers and the compliance manager. The same function can store the full finding payload in an Amazon S3 bucket that has versioning enabled, ensuring every version of every finding is retained and tamper-evident for audit purposes. This design is automated, meets the sub-hour notification objective (typically seconds), delivers built-in remediation guidance, and uses fully managed services that require minimal ongoing maintenance. The other options either delay reporting, omit remediation details, or fail to provide immutable historical storage.
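The Lambda step of this design, sketched as an added example (not code from the question or from AWS). The event pattern, the top-level `severity` string (the explanation calls it Severity.Label), the `ARCHIVE_BUCKET` and `TOPIC_ARN` environment variables, and the S3 key layout are assumptions to check against a real finding event in your account.

```python
import json
import os

# Assumed EventBridge pattern for the rule (field names follow the Inspector2
# event shape; confirm against a real event from your account).
EVENT_PATTERN = {"source": ["aws.inspector2"],
                 "detail-type": ["Inspector2 Finding"],
                 "detail": {"severity": ["CRITICAL"]}}

# Constructed sample event: account, ARN, title and text are made up.
SAMPLE_EVENT = {
    "source": "aws.inspector2", "detail-type": "Inspector2 Finding",
    "account": "111122223333",
    "detail": {
        "findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/EXAMPLEFINDINGID",
        "severity": "CRITICAL", "title": "Example package vulnerability",
        "resources": [{"id": "i-0123456789abcdef0"}],
        "remediation": {"recommendation": {"text": "Upgrade the affected package."}}}}

def build_notification(event):
    """Return (subject, body) for a CRITICAL finding, else None."""
    d = event.get("detail", {})
    if str(d.get("severity", "")).upper() != "CRITICAL":  # re-check the rule's filter
        return None
    rec = d.get("remediation", {}).get("recommendation", {})
    guidance = rec.get("text") or "No remediation text in finding."
    res = ", ".join(r.get("id", "?") for r in d.get("resources", []))
    subject = ("CRITICAL Inspector finding: " + d.get("title", "untitled"))[:100]  # SNS subject cap
    body = f"Finding: {d.get('findingArn')}\nResources: {res}\nRemediation: {guidance}"
    return subject, body

def archive_key(event):
    """One key per finding, so S3 versioning keeps each update as a new version."""
    finding_id = event["detail"]["findingArn"].rsplit("/", 1)[-1]
    return f"inspector-findings/{event['account']}/{finding_id}.json"

def handler(event, context=None, sns=None, s3=None):
    note = build_notification(event)
    if note is None:
        return {"notified": False}
    if sns is None or s3 is None:
        import boto3  # present in the Lambda Python runtime
        sns, s3 = sns or boto3.client("sns"), s3 or boto3.client("s3")
    key = archive_key(event)
    # Archive first so the audit record exists even if the publish fails.
    s3.put_object(Bucket=os.environ["ARCHIVE_BUCKET"], Key=key,
                  Body=json.dumps(event, sort_keys=True).encode(),
                  ContentType="application/json")
    sns.publish(TopicArn=os.environ["TOPIC_ARN"], Subject=note[0], Message=note[1])
    return {"notified": True, "key": key}
```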
Risk Identification, Monitoring and Analysis