ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
During a quarterly tabletop exercise, a financial-services company that runs its production workloads in two AWS Regions reviews its disaster-recovery playbook. Participants discover that if privileged IAM roles are ever deleted or become unusable during an incident, the response team would lose the ability to administer the affected AWS accounts. Which update to the playbook would BEST mitigate this gap while aligning with AWS security best practices?
Embed the AWS root user's long-term access key and secret access key in the playbook so they are available even if IAM roles fail.
Add instructions to create a new AWS account and migrate production resources there if existing IAM roles become unusable.
Include a break-glass procedure that stores a hardware MFA token for the AWS root user in a sealed, audited safe and lists the custodians authorized to retrieve it.
Enable password-based SSH access on all EC2 instances and record the shared emergency password in the playbook for use during incidents.
AWS recommends protecting the root user's long-term credentials and enabling hardware MFA on the root account. A documented break-glass process that identifies custodians of the hardware MFA device, its secure storage location, and the steps for retrieving and using it ensures administrators can regain control if all other IAM mechanisms fail. Publishing the root user's access keys or shared SSH passwords directly in the playbook violates least-privilege and secret-management principles, and creating a new AWS account during an incident does not restore access to the original environment in a timely manner.
ISC2 Systems Security Certified Practitioner (SSCP)
Incident Response and Recovery