ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A company migrates its public website to an Amazon EC2 instance that runs Apache HTTP Server in a private subnet. An internet-facing Application Load Balancer (ALB) in a public subnet forwards web requests to this instance. The instance's security group currently blocks all inbound traffic. To re-establish user access while adhering to the principle of least privilege, which inbound rule should be added to the instance's security group?
Allow inbound ICMP echo requests (type 8) from 0.0.0.0/0.
Allow inbound TCP traffic on port 80 from the ALB's security group.
Allow inbound TCP traffic on port 443 from 0.0.0.0/0.
Allow inbound UDP traffic on port 80 from the ALB's private IP address range.
The ALB forwards standard web requests over the Hypertext Transfer Protocol, which by default uses TCP port 80. To follow least-privilege principles, the instance should accept traffic only from the ALB, not from every source on the internet. Therefore, the rule must allow inbound TCP traffic on port 80 with the ALB's security group (or its ID) as the source. Allowing port 443 would enable HTTPS, not HTTP. Specifying UDP on port 80 would fail because HTTP relies on TCP. Allowing ICMP echo requests does not enable web access at all.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the principle of least privilege in cybersecurity?
Open an interactive chat with Bash
Why does HTTP rely on TCP instead of UDP?
Open an interactive chat with Bash
What is an Application Load Balancer (ALB) and how does it work?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Network and Communication Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .