ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A security administrator is deploying a Linux-based web application on an Amazon EC2 instance inside a new VPC. The instance must accept HTTPS traffic from any Internet host, permit SSH administration only from the company's head-office CIDR block 203.0.113.0/24, and allow the instance to download operating-system patches from Internet-based repositories over TCP port 443 while blocking all other outbound ports. Which security group configuration best satisfies these requirements while adhering to the principle of least privilege?
Inbound: TCP 443 from 0.0.0.0/0 and TCP 22 from 203.0.113.0/24; Outbound: TCP ports 1024-65535 to 0.0.0.0/0
Inbound: TCP 443 from 0.0.0.0/0 only; Outbound: no rules (default deny)
Inbound: TCP 443 from 0.0.0.0/0 and TCP 22 from 0.0.0.0/0; Outbound: TCP 443 to 0.0.0.0/0
Inbound: TCP 443 from 0.0.0.0/0 and TCP 22 from 203.0.113.0/24; Outbound: TCP 443 to 0.0.0.0/0 only
Security groups are stateful: return traffic for an allowed outbound or inbound flow is automatically permitted. The instance therefore needs inbound TCP 443 from anywhere for the public web service and inbound TCP 22 only from 203.0.113.0/24 for administration. Outbound rules should be restricted to what is strictly required, which here is TCP 443 to 0.0.0.0/0 for patch retrieval. Allowing additional outbound ports or opening SSH to all addresses would violate least privilege, while omitting any outbound rule would block the necessary patch traffic because removing the default egress rule results in a deny-all policy.
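The reasoning above can be checked mechanically. The following is an added example, not part of the original question: a small auditor that tests each of the four answer choices against the stated requirements. The option numbering 1 to 4 (page order) and the function names are assumptions made for illustration.

```python
import ipaddress

ANY = "0.0.0.0/0"
HQ = "203.0.113.0/24"  # head-office CIDR from the question

# Each rule is (first_port, last_port, cidr), TCP only. Because security groups
# are stateful, return traffic needs no rule and is not modelled here.
# An empty "out" list means no egress rules, i.e. deny all outbound.
OPTIONS = {
    1: {"in": [(443, 443, ANY), (22, 22, HQ)], "out": [(1024, 65535, ANY)]},
    2: {"in": [(443, 443, ANY)], "out": []},
    3: {"in": [(443, 443, ANY), (22, 22, ANY)], "out": [(443, 443, ANY)]},
    4: {"in": [(443, 443, ANY), (22, 22, HQ)], "out": [(443, 443, ANY)]},
}

def allows(rules, port, cidr):
    """True if some rule covers `port` for every address in `cidr`."""
    want = ipaddress.ip_network(cidr)
    return any(lo <= port <= hi and want.subnet_of(ipaddress.ip_network(net))
               for lo, hi, net in rules)

def excess(rules, port, cidr):
    """Rules that go beyond the single permitted (port, cidr) pair."""
    allowed = ipaddress.ip_network(cidr)
    return [r for r in rules
            if (r[0], r[1]) != (port, port)
            or not ipaddress.ip_network(r[2]).subnet_of(allowed)]

def audit(sg):
    """Return a list of requirement violations; empty means compliant."""
    findings = []
    if not allows(sg["in"], 443, ANY):
        findings.append("HTTPS not reachable from the Internet")
    if not allows(sg["in"], 22, HQ):
        findings.append("SSH not reachable from head office")
    ssh_rules = [r for r in sg["in"] if r[0] <= 22 <= r[1]]
    if excess(ssh_rules, 22, HQ):
        findings.append("SSH open beyond head office")
    if not allows(sg["out"], 443, ANY):
        findings.append("patch download over 443 blocked")
    if excess(sg["out"], 443, ANY):
        findings.append("outbound ports other than 443 allowed")
    return findings

if __name__ == "__main__":
    for number, sg in OPTIONS.items():
        print(number, audit(sg) or "meets all requirements")
```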
Systems and Application Security