ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A security analyst is hardening a legacy application server that must accept incoming TCP 8443 traffic only from the internal load balancer and initiate outbound TCP 1433 sessions to a dedicated database subnet. All other traffic must be blocked. The host-based firewall evaluates rules from top to bottom. Which rule set BEST enforces least-privilege port and protocol filtering?
Allow inbound TCP 8443 from the load balancer subnet; allow outbound all TCP ports to any destination; deny all other traffic.
Allow inbound TCP 8443 from the load balancer subnet; allow outbound TCP 1433 to the database subnet; deny all other traffic.
Allow inbound TCP 8443 from any source; allow outbound TCP 1433 to any destination; deny all other traffic.
Allow inbound all TCP ports from any source; allow outbound TCP 1433 to the database subnet; deny all other traffic.
The correct rule set explicitly restricts inbound access to TCP 8443 originating solely from the load-balancer subnet and limits outbound traffic to the single required destination and port (TCP 1433). A terminating deny-all rule ensures every other protocol, port, and address is blocked, achieving a default-deny stance. Each alternative leaves unnecessary openings (either permitting any source on 8443, allowing any outbound destination, or accepting all inbound ports), thereby violating least-privilege principles.
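The comparison in the explanation above can be checked mechanically. The following is an added example, not part of the original question: a first-match, top-to-bottom evaluator that runs the four answer choices against a set of probe flows and lists what each one lets through beyond the two required flows. The subnets, addresses and probe flows are constructed for illustration; the question does not specify them.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption; the question names no subnets).
LB_NET = "10.0.1.0/24"   # internal load balancer subnet
DB_NET = "10.0.2.0/24"   # dedicated database subnet
ANY = "0.0.0.0/0"
ALL_PORTS = range(1, 65536)

def rule(direction, peer_net, ports, action="allow"):
    return {"dir": direction, "net": ip_network(peer_net), "ports": ports, "action": action}

DENY_ALL = [rule("in", ANY, ALL_PORTS, "deny"), rule("out", ANY, ALL_PORTS, "deny")]

# The four answer choices, in the order the question lists them (TCP only).
RULE_SETS = {
    "choice 1": [rule("in", LB_NET, [8443]), rule("out", ANY, ALL_PORTS)] + DENY_ALL,
    "choice 2": [rule("in", LB_NET, [8443]), rule("out", DB_NET, [1433])] + DENY_ALL,
    "choice 3": [rule("in", ANY, [8443]), rule("out", ANY, [1433])] + DENY_ALL,
    "choice 4": [rule("in", ANY, ALL_PORTS), rule("out", DB_NET, [1433])] + DENY_ALL,
}

# Constructed probe flows: (direction, peer address, TCP port, required?)
PROBES = [
    ("in", "10.0.1.10", 8443, True),       # load balancer -> app
    ("out", "10.0.2.20", 1433, True),      # app -> database
    ("in", "10.0.9.9", 8443, False),       # other internal host -> app
    ("in", "10.0.1.10", 22, False),        # load balancer -> other port
    ("out", "203.0.113.5", 1433, False),   # app -> host outside database subnet
    ("out", "10.0.2.20", 445, False),      # app -> database subnet, other port
]

def evaluate(rules, direction, peer, port):
    """First-match, top-to-bottom evaluation; no matching rule means deny."""
    for r in rules:
        if r["dir"] == direction and ip_address(peer) in r["net"] and port in r["ports"]:
            return r["action"]
    return "deny"

def audit(rules):
    """Return (required flows blocked, unnecessary flows allowed)."""
    blocked, excess = [], []
    for direction, peer, port, required in PROBES:
        allowed = evaluate(rules, direction, peer, port) == "allow"
        if allowed != required:
            (excess if allowed else blocked).append((direction, peer, port))
    return blocked, excess

if __name__ == "__main__":
    for name, rules in RULE_SETS.items():
        print(name, audit(rules))
```
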
Systems and Application Security