ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
During a free pre-sales security walkthrough for a prospective customer's AWS environment, you discover one of their S3 buckets exposes payroll records to the internet. Your sales director instructs you not to alert the customer until they sign a paid remediation contract. Under the (ISC)² Code of Ethics, which response best upholds your professional obligation?
Submit an anonymous support ticket to AWS and allow them to decide whether to contact the customer, avoiding direct disclosure yourself.
Notify the customer of the exposed bucket right away, even if doing so may undermine the potential contract, because safeguarding affected individuals and society is the foremost ethical duty.
Quietly change the bucket permissions on behalf of the customer without informing anyone, preventing immediate harm while keeping the issue internal.
Comply with your director's request and wait for a signed contract, since your primary responsibility is to your employer's business interests.
The (ISC)² Code of Ethics establishes four canons in order of priority, beginning with the duty to "protect society, the commonwealth and the infrastructure" and to "act honorably, honestly, justly, responsibly, and legally." Allowing sensitive data to remain publicly exposed for commercial leverage places personal or organizational gain above the obligation to protect others. Notifying the customer immediately addresses the risk to employees and the public and aligns with the highest-priority canon. Deferring action for profit, passing responsibility to AWS without client knowledge, or secretly modifying the customer's resources all violate one or more canons and could expose you and your organization to ethical and legal repercussions.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are the (ISC)² Code of Ethics Canons?
Open an interactive chat with Bash
What actions are considered violations of the (ISC)² Code of Ethics?
Open an interactive chat with Bash
Why is notifying the customer immediately the correct response in this situation?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Security Concepts and Practices
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .