ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A financial services firm is migrating several internal tools to AWS. Compliance policy requires that anyone connecting to the AWS Management Console or to an EC2 bastion host must first see a reminder that all activities are being monitored and that unauthorized access can lead to prosecution. Which control BEST satisfies this requirement as a deterrent measure without directly enforcing or detecting violations?
Enable AWS CloudTrail for all accounts and send real-time IAM authentication events to an Amazon SNS topic monitored by security operations.
Configure an account-level log-on banner for the AWS Management Console and a pre-login SSH warning message on the bastion host.
Require all administrators to use multi-factor authentication (MFA) before accessing the console or bastion host.
Restrict console and SSH access to whitelisted corporate IP addresses using VPC network ACLs and IAM condition keys.
A deterrent control discourages inappropriate behavior by reminding potential violators of monitoring or penalties, rather than physically preventing or detecting actions. Displaying a log-on warning banner (for both the AWS Management Console and SSH sessions) clearly informs users that their actions are tracked and that misuse has legal consequences, which can discourage unauthorized activity.
Implementing MFA or network ACLs are preventive controls because they block access unless specific conditions are met.
Enabling CloudTrail with SNS alerts is primarily a detective and corrective measure, identifying and responding to events after they occur. Therefore, only a prominently displayed log-on warning banner fulfills the stated compliance need for a deterrent control.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a deterrent control in cybersecurity?
Open an interactive chat with Bash
How does an AWS log-on warning banner work?
Open an interactive chat with Bash
What is a pre-login SSH warning message, and how is it configured?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Security Concepts and Practices
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .