ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your security team centralizes VPC Flow Logs, AWS CloudTrail, and Application Load Balancer access logs in CloudWatch Logs. They must be alerted when an external actor repeatedly attempts invalid credentials against a public Amazon RDS instance, but only if similar activity is observed across more than one log source to reduce false positives. Which AWS-native approach best meets this event-correlation requirement while keeping custom development effort to a minimum?
A. Enable Amazon GuardDuty so findings such as RDS brute-force attacks are generated by correlating VPC Flow Logs, CloudTrail, and DNS activity.
B. Use an AWS Config managed rule to evaluate whether an RDS instance receives multiple failed connections from the same IP within five minutes.
C. Build an AWS Step Functions workflow that runs Athena queries across each log source and sends an SNS notification when all queries exceed thresholds.
D. Create a CloudWatch Logs metric filter that counts failed RDS login messages and triggers an alarm when a threshold is exceeded.
Amazon GuardDuty already ingests and correlates multiple independent telemetry sources (VPC Flow Logs, CloudTrail management events, and DNS query logs) to detect suspicious behavior. One of its managed finding types, UnauthorizedAccess:RDS/InstanceBruteForce, is raised specifically when GuardDuty observes repeated failed authentication attempts against an RDS instance that are corroborated by network and API activity in the other logs. Enabling GuardDuty therefore delivers the required multi-source correlation and alerting without any custom code. The other options either rely on a single log source (the CloudWatch Logs metric filter) or require you to build and maintain bespoke orchestration and analytics logic (the Step Functions and Athena workflow), and AWS Config evaluates resource configurations rather than real-time log events, so none of them satisfies the stated requirement as effectively.
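To make the "corroborated across more than one source" requirement concrete, here is an added example (not part of the practice question, and not AWS or Crucial Exams code) that runs a toy correlation over constructed, already-normalized events from an RDS database log, VPC Flow Logs, and CloudTrail, alerting only on a source IP that both exceeds a failed-login threshold and shows up in at least two sources. It also builds the EventBridge event pattern you would use to route the matching GuardDuty finding to a target such as SNS, using the finding type name exactly as quoted in the explanation above. The event field names, the database ports, and the thresholds are assumptions for this example, not the real AWS log schemas.

```python
from collections import defaultdict

# Constructed sample events, normalized into plain dicts by a hypothetical
# ingestion step. Field names are assumptions, not the real AWS log schemas.
SAMPLE_EVENTS = [
    # RDS database log: repeated failed authentication from 203.0.113.5
    {"source": "rds-log", "src_ip": "203.0.113.5", "outcome": "FAILED_AUTH"},
    {"source": "rds-log", "src_ip": "203.0.113.5", "outcome": "FAILED_AUTH"},
    {"source": "rds-log", "src_ip": "203.0.113.5", "outcome": "FAILED_AUTH"},
    {"source": "rds-log", "src_ip": "203.0.113.5", "outcome": "FAILED_AUTH"},
    # VPC Flow Logs: the same IP reaching the database port
    {"source": "vpc-flow", "src_ip": "203.0.113.5", "dst_port": 5432, "action": "ACCEPT"},
    {"source": "vpc-flow", "src_ip": "203.0.113.5", "dst_port": 5432, "action": "ACCEPT"},
    # CloudTrail: the same IP enumerating RDS instances through the API
    {"source": "cloudtrail", "src_ip": "203.0.113.5", "event_name": "DescribeDBInstances"},
    # A second IP with failed logins but no corroborating activity elsewhere
    {"source": "rds-log", "src_ip": "198.51.100.7", "outcome": "FAILED_AUTH"},
    {"source": "rds-log", "src_ip": "198.51.100.7", "outcome": "FAILED_AUTH"},
    {"source": "rds-log", "src_ip": "198.51.100.7", "outcome": "FAILED_AUTH"},
    # Unrelated flow-log noise that must not influence the result
    {"source": "vpc-flow", "src_ip": "192.0.2.9", "dst_port": 443, "action": "ACCEPT"},
]

DB_PORTS = {3306, 5432}  # MySQL and PostgreSQL; an assumption for this example


def is_rds_related(event):
    """True when the event plausibly concerns the RDS instance."""
    src = event["source"]
    if src == "rds-log":
        return True
    if src == "vpc-flow":
        return event.get("dst_port") in DB_PORTS
    if src == "cloudtrail":
        return "DBInstance" in event.get("event_name", "")
    return False


def correlate(events, min_failures=3, min_sources=2):
    """Return {src_ip: sorted source names} for every IP that both reached the
    failed-login threshold in the RDS log and appeared in at least min_sources
    distinct, RDS-related log sources. Lowering min_sources to 1 shows the
    single-source false positive the multi-source requirement is meant to avoid."""
    failures = defaultdict(int)
    sources = defaultdict(set)
    for ev in events:
        if not is_rds_related(ev):
            continue
        ip = ev["src_ip"]
        sources[ip].add(ev["source"])
        if ev["source"] == "rds-log" and ev.get("outcome") == "FAILED_AUTH":
            failures[ip] += 1
    return {
        ip: sorted(sources[ip])
        for ip in failures
        if failures[ip] >= min_failures and len(sources[ip]) >= min_sources
    }


# EventBridge event pattern that forwards the GuardDuty finding to a target such
# as SNS. The finding type string is taken from the explanation on this page.
GUARDDUTY_RULE_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"type": ["UnauthorizedAccess:RDS/InstanceBruteForce"]},
}

# Constructed finding envelope in the shape EventBridge delivers (simplified).
SAMPLE_FINDING = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {"type": "UnauthorizedAccess:RDS/InstanceBruteForce", "severity": 5},
}


def finding_matches(event, pattern=GUARDDUTY_RULE_PATTERN):
    """Minimal EventBridge-style matcher: every key in the pattern must exist in
    the event, and its value must be one of the listed alternatives; nested
    dict patterns recurse. Only exact-value matching is modelled here."""
    for key, allowed in pattern.items():
        if key not in event:
            return False
        if isinstance(allowed, dict):
            if not isinstance(event[key], dict) or not finding_matches(event[key], allowed):
                return False
        elif event[key] not in allowed:
            return False
    return True


if __name__ == "__main__":
    print("multi-source alerts:", correlate(SAMPLE_EVENTS))
    print("single-source alerts:", correlate(SAMPLE_EVENTS, min_sources=1))
    print("finding routed:", finding_matches(SAMPLE_FINDING))
```

With the defaults, only 203.0.113.5 is reported, because 198.51.100.7 fails logins just as often but appears in the RDS log alone; with min_sources=1 both addresses fire, which is exactly the noise the question asks you to suppress. In a real deployment the correlation itself is GuardDuty's job, and the only piece you keep is the EventBridge rule with the pattern above and an SNS or similar target.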
Domain: Risk Identification, Monitoring and Analysis