ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A security administrator manages 500 Windows 10 laptops joined to Active Directory. Recent threat-hunting reports show multiple drive-by download attempts that exploit outdated Flash and Java browser plugins. Because two internal line-of-business web applications still require these plugins, users must retain access to them, but plugin execution everywhere else should be prevented. Using Group Policy for Microsoft Edge (Chromium), which configuration best meets the security requirement while preserving access to the legacy applications?
Disable all active scripting in the Internet, Intranet and Trusted Sites zones to stop execution of potentially malicious code.
Force-enable all plugins but require Microsoft Defender Application Guard to isolate any externally browsed site.
Uninstall the Flash and Java runtimes from every laptop and instruct users to access the legacy applications through a remote desktop session.
Set the browser's plugin policy to block Flash and Java by default and deploy a site allow list that enables those plugins only for the two internal application URLs.
Setting the browser so that plugins are blocked by default but explicitly allowed for approved hostnames implements the principle of least privilege. The Group Policy setting "Control use of outdated plugins" (or the equivalent "Allow Adobe Flash" list for Edge) can be configured to disable plugin execution globally while specifying a list of permitted URLs. Users can still load Flash or Java on the sanctioned internal sites, but any attempt by unapproved or malicious websites to invoke those plugins is automatically suppressed, closing the main infection vector identified in the threat-hunting reports. Simply uninstalling the runtimes would break the required applications, while force-enabling all plugins and relying on Application Guard leaves broad exposure whenever users browse outside the isolated container. Disabling all active scripting blocks needed functionality far beyond the risky plugins and would likely disrupt normal web use.
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security