ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your SIEM ingests CloudTrail, VPC Flow Logs, and ELB access logs into an Amazon OpenSearch Service cluster. An alert shows the same IAM user ran DescribeInstances from IPs in Singapore and Frankfurt within five minutes. To confirm whether the exact long-term credentials were reused, which pair of log fields should you compare first?
CloudTrail userIdentity.accessKeyId and sourceIPAddress
VPC Flow Log dstport and instanceId
CloudTrail userAgent and the ARN of the assumed role session
ELB access log request_processing_time and HTTP status code
The most direct way to confirm that the same long-term credentials were used from two distant locations is to examine CloudTrail's userIdentity.accessKeyId together with sourceIPAddress. If the identical accessKeyId appears with different IP addresses in a short time window, it strongly suggests that the key has been exposed. VPC Flow Log ports or ELB latency metrics do not reveal credential use, and matching on userAgent and an assumed-role ARN cannot prove reuse of the same long-term key because each AssumeRole call issues a new AccessKeyId.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is CloudTrail and its role in security monitoring?
Open an interactive chat with Bash
How does sourceIPAddress help identify credential misuse?
Open an interactive chat with Bash
Why is userIdentity.accessKeyId key in identifying exposed credentials?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Risk Identification, Monitoring and Analysis
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .