ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A company runs a payroll web app on an on-prem Linux host listening on TCP 8443; the same server also hosts a public site on TCP 80. Policy allows only the HR subnet 192.168.10.0/24 to reach payroll, while any internal subnet may view the public site. No extra hardware or third-party software may be added. Which method best enforces this policy with least privilege?
Create host-based firewall ACL rules that allow TCP 8443 only from 192.168.10.0/24, allow TCP 80 from all internal networks, and drop all other inbound traffic.
Place the HR subnet in its own VLAN and configure inter-VLAN routing to block other subnets from reaching TCP 8443 on the server.
Require users to authenticate with client certificates when accessing the payroll URL over HTTPS on port 8443.
Set discretionary file permissions so only HR group members can read payroll files while leaving all network ports open.
An Access Control List (ACL) applied through the native host-based firewall (such as iptables or nftables on Linux) allows restriction of inbound traffic at the network layer. By explicitly permitting TCP 8443 only from 192.168.10.0/24, permitting TCP 80 from all internal networks, and dropping all other unsolicited traffic, the server enforces the required segmentation while honoring least privilege. VLAN re-architecture or hardware firewalls add components the constraint disallows. Client certificates or file permissions control authentication or data access after the connection but do not block unwanted network connections, so they do not satisfy the policy.
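The ruleset the explanation describes, written for nftables as an added example (not part of the original question). The table and set names, the RFC 1918 definition of "internal networks", and the logging rule are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example: default-deny inbound policy for the payroll/public web host.

table inet payroll_host {
    # Assumption: "internal networks" = RFC 1918 space. Replace with the
    # site's actual internal subnets to keep the allow-list as narrow as possible.
    set internal_nets {
        type ipv4_addr
        flags interval
        elements = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }
    }

    chain input {
        # Anything not explicitly accepted below is dropped (least privilege).
        type filter hook input priority 0; policy drop;

        # Local loopback and replies to connections already permitted.
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Payroll app: new connections from the HR subnet only.
        ip saddr 192.168.10.0/24 tcp dport 8443 ct state new accept

        # Public site: new connections from any internal subnet.
        ip saddr @internal_nets tcp dport 80 ct state new accept

        # Count and rate-limit-log payroll attempts from non-HR sources
        # so they are visible in the kernel log before the policy drops them.
        tcp dport 8443 counter limit rate 10/minute log prefix "payroll-denied: "
    }
}
```

Because the chain sits in an `inet` table with `policy drop`, all inbound IPv6 and any management traffic such as SSH is dropped too; the question's policy names only the two web ports, so anything else the host needs requires its own narrowly scoped rule.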
ISC2 Systems Security Certified Practitioner (SSCP)
Security Concepts and Practices