ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your team is building a serverless payment processing API on AWS. Compliance requirements demand proof that any request recorded in the system can later be cryptographically tied to the identity that submitted it, preventing that user from denying the action. Which approach best meets this non-repudiation requirement while aligning with AWS best practices?
Encrypt all data in S3 using SSE-S3 and enable object lock to prevent deletion.
Protect the API with AWS WAF and enable AWS Shield Standard to block malicious traffic.
Store API request details in Amazon DynamoDB and replicate the table across regions with global tables for high availability.
Enable AWS CloudTrail for the account and turn on log file integrity validation; store the logs in an S3 bucket with versioning and MFA Delete.
Non-repudiation requires evidence that an action was performed by a specific principal and that the evidence cannot be altered without detection. Enabling AWS CloudTrail captures every API call together with the caller's identity and signs each log file with a SHA-256 hash and public-key signature. Turning on CloudTrail's log file integrity validation lets you verify that logs have not been modified, while S3 versioning and MFA Delete protect the evidence from tampering or deletion. AWS WAF and Shield improve availability but do not bind actions to identities. Server-side encryption and Object Lock secure stored objects but do not record who performed an action or provide cryptographic validation of logs. Replicating data in DynamoDB enhances durability and availability, not non-repudiation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is AWS CloudTrail and how does it support non-repudiation?
Open an interactive chat with Bash
What is log file integrity validation in AWS CloudTrail?
Open an interactive chat with Bash
How does S3 versioning and MFA Delete protect log files?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Security Concepts and Practices
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .