ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
An organization hosts its internal ticketing system on two Linux t3.medium instances in a single Availability Zone behind an Application Load Balancer (ALB). A recent AZ outage caused a complete service interruption. Management now requires the application to stay online if any single AZ fails, automatically replace unhealthy instances, and ensure that all EBS volumes are encrypted, while keeping additional cost and operational overhead low. Which approach best meets these requirements?
Resize both instances to m5.large for additional capacity, keep them in the original Availability Zone, enable ALB health checks, and activate default EBS encryption.
Create an Auto Scaling group that spans two Availability Zones with a minimum and desired capacity of two instances, attach the existing ALB with cross-zone load balancing enabled, and turn on default EBS encryption using AWS KMS.
Replicate the current AMIs to a second Region, deploy them in an Auto Scaling group there, and configure Amazon Route 53 failover routing; use application-layer encryption instead of EBS encryption to reduce costs.
Add a second ALB in another Availability Zone, register both existing instances with both ALBs, and migrate root volumes to Amazon S3 with server-side encryption for data protection.
Using an Auto Scaling group that spans at least two Availability Zones distributes instances so that a failure in one AZ does not take the entire service offline. Setting the group's minimum and desired capacity to two guarantees at least one instance per AZ at all times, and the health checks allow automatic replacement of failed instances, satisfying the resilience requirement without manual effort or significant extra cost. Attaching an ALB with cross-zone load balancing lets the load balancer route traffic only to healthy targets across the remaining AZs. Enabling AWS-provided default EBS encryption ensures that every new root or data volume created for the instances is encrypted automatically, meeting the compliance mandate without additional per-volume configuration. The other options either keep all instances in one AZ, rely on cross-Region failover (increasing cost and complexity), or use mechanisms (placement groups, S3 for root volumes) that do not provide the required multi-AZ high availability and automated recovery.
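The three requirements in the explanation above can be checked mechanically. The following is an added example, not part of the original question: it audits dictionaries shaped like the responses of the Auto Scaling DescribeAutoScalingGroups and EC2 GetEbsEncryptionByDefault API calls. The group names, zone names, and target group ARN are constructed sample values, and the `audit` helper is hypothetical.

```python
# Added example: audit Auto Scaling and EBS settings against the scenario's
# requirements. Field names follow DescribeAutoScalingGroups and
# GetEbsEncryptionByDefault responses; all sample values are constructed.

def audit(asg: dict, ebs_default: dict) -> list:
    """Return a list of findings; an empty list means every requirement is met."""
    findings = []
    zones = set(asg.get("AvailabilityZones", []))
    if len(zones) < 2:
        findings.append("single-az: group does not span two Availability Zones")
    if asg.get("MinSize", 0) < 2 or asg.get("DesiredCapacity", 0) < 2:
        findings.append("capacity: minimum and desired capacity must be at least 2")
    if not asg.get("TargetGroupARNs"):
        findings.append("no-alb: no ALB target group is attached to the group")
    elif asg.get("HealthCheckType") != "ELB":
        # With type EC2 the group replaces instances that fail EC2 status
        # checks only; ALB target health is ignored.
        findings.append("health-check: ALB health checks do not drive replacement")
    if not ebs_default.get("EbsEncryptionByDefault", False):
        findings.append("ebs: default EBS encryption is off in this Region")
    return findings

# Constructed placeholder ARN, not a real resource.
SAMPLE_TG = "arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/example/0000"

# Constructed "before" state: everything in one Availability Zone.
SINGLE_AZ_GROUP = {
    "AutoScalingGroupName": "ticketing-before",
    "AvailabilityZones": ["us-east-1a"],
    "MinSize": 2, "DesiredCapacity": 2,
    "TargetGroupARNs": [SAMPLE_TG],
    "HealthCheckType": "EC2",
}

# Constructed "after" state matching the multi-AZ Auto Scaling option.
MULTI_AZ_GROUP = {
    "AutoScalingGroupName": "ticketing-after",
    "AvailabilityZones": ["us-east-1a", "us-east-1b"],
    "MinSize": 2, "DesiredCapacity": 2,
    "TargetGroupARNs": [SAMPLE_TG],
    "HealthCheckType": "ELB",
}

if __name__ == "__main__":
    for group, ebs in ((SINGLE_AZ_GROUP, {"EbsEncryptionByDefault": False}),
                       (MULTI_AZ_GROUP, {"EbsEncryptionByDefault": True})):
        print(group["AutoScalingGroupName"], audit(group, ebs) or "compliant")
```

Default EBS encryption is a per-Region account setting, so the second argument should come from each Region in which the group launches instances.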
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security