ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your SOC dashboards display hundreds of Amazon GuardDuty port-scan findings every day from Amazon Inspector's public scanning ranges. Analysts have confirmed these events are expected and non-actionable, yet they obscure truly malicious activity. To apply a noise-reduction approach while preserving anomaly detection, what is the MOST appropriate action?
Schedule a daily script that permanently deletes all port-scan findings from GuardDuty to keep the console clean.
Disable GuardDuty for the affected accounts and rely solely on VPC Flow Logs for threat detection.
Create a GuardDuty filter with an archive rule that suppresses the known benign findings and forward only high-severity events to the SIEM.
Reduce the GuardDuty finding aggregation frequency so that duplicate findings are combined into a single event.
Noise reduction keeps monitoring focused on actionable events without losing the ability to detect real threats. GuardDuty filters with archive rules let analysts suppress findings that match specific criteria (for example, a port-scan coming from known scanner IP ranges). The finding is still stored and can be reinstated later, but it is no longer surfaced to the SOC or forwarded to the SIEM, reducing noise. Disabling GuardDuty removes critical detections entirely, defeating the purpose. Changing aggregation frequency does not stop the findings from appearing; it only groups them. Deleting findings each day hides data permanently and eliminates the ability to review historical patterns, violating evidentiary and forensic best practices.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Amazon GuardDuty and its role in threat detection?
Open an interactive chat with Bash
What is a GuardDuty archive rule, and how does it reduce noise?
Open an interactive chat with Bash
Why is preserving historical GuardDuty findings important for security analysis?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Risk Identification, Monitoring and Analysis
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .