ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A security engineer must allow a strategic partner to access an internal reporting application that is currently deployed in the company's AWS environment. The partner's on-premises network is connected to AWS through a site-to-site VPN. Management insists that the application remain isolated from the public Internet but also be segregated from the corporate intranet. Which solution BEST meets the requirement for creating an extranet zone?
Create a separate VPC that contains only the reporting application, attach it to the existing site-to-site VPN and a transit gateway for selective routing to the partner, and omit an Internet gateway so the VPC is reachable solely through the VPN.
Convert the application to a SaaS offering in AWS Marketplace and have the partner subscribe to it using their own AWS accounts.
Publish the application through AWS PrivateLink from the production VPC and allow the partner to reach it over the Internet by whitelisting their public IP addresses.
Deploy the application in a public subnet behind an internet-facing Application Load Balancer secured with AWS WAF, and require the partner to authenticate with multi-factor authentication.
An extranet is a semiprivate network segment that provides controlled access to authorized external entities without exposing resources to the general Internet or to the organization's full intranet. Placing the application in a dedicated VPC that is reachable only through the existing VPN from the partner satisfies these conditions. The VPC segmentation and firewall rules keep the workload separate from both public subnets and the internal production VPC, while the absence of an Internet gateway prevents unintended public exposure. The other options either rely on public endpoints, expose the entire intranet, or use mechanisms (such as AWS Marketplace or Public PrivateLink access) that do not fit the definition of an extranet.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a VPC in AWS?
Open an interactive chat with Bash
What is a site-to-site VPN?
Open an interactive chat with Bash
What is an extranet zone and how does it differ from an intranet?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Access Controls
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .