ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
After a developer surrendered AWS access keys during a spear-phishing attack, management asks for an additional administrative control that will lower the chance of similar incidents without affecting system performance or adding significant cost. The control must also generate auditable evidence of employee participation. Which action BEST meets these requirements?
Launch mandatory, role-based security awareness training covering phishing and AWS credential handling, and record completion in the corporate learning-management system.
Deploy an AWS Config rule that flags any repository commit containing hard-coded access keys for remediation.
Enable AWS CloudTrail for all accounts and archive the logs to an immutable S3 bucket in Glacier Deep Archive.
Require multi-factor authentication for all IAM users by attaching a policy that denies API calls without MFA.
Security awareness training is an administrative (operational) control that addresses human factors such as phishing susceptibility. Requiring all personnel who handle cloud credentials to complete role-based training, and recording completion in the company's learning-management system, directly targets the root cause, is inexpensive, has no runtime impact on AWS workloads, and produces documentation for auditors. The other options are technical controls: CloudTrail improves logging, AWS Config detects insecure code, and enforcing MFA strengthens authentication. While valuable, none of them fulfils the request for an administrative control focused on user behavior and documented training.
ISC2 Systems Security Certified Practitioner (SSCP)
Security Concepts and Practices