ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
During an internal investigation, you learn that several developers received text messages impersonating the company's AWS help desk. The SMS claimed their console sessions had expired and urged them to tap a shortened URL to re-authenticate; two developers complied and divulged credentials. With minimal cost and without adding new infrastructure, which single control would most effectively reduce the likelihood of future smishing attacks succeeding?
Deploy AWS WAF rules to block all inbound HTTP requests that include URL-shortening domains referenced in the fraudulent texts.
Require every employee to use SMS-based multi-factor authentication (MFA) for AWS Management Console access.
Enable Amazon GuardDuty DNS threat detection and automatically quarantine any EC2 instance that contacts known phishing domains.
Implement recurring security awareness training that incorporates simulated smishing exercises and just-in-time coaching for recipients.
Smishing relies on social engineering rather than technical exploitation, so the most effective and economical mitigation is to teach users how to recognize and report fraudulent texts. Regular security awareness programs that include realistic smishing simulations raise employee vigilance and reduce click-through rates. GuardDuty and WAF are valuable detective or preventive controls for network threats but do not stop users from tapping malicious SMS links. Mandating SMS-based MFA actually expands attackers' opportunities to abuse text messaging and does not address credential harvesting from fake links, so it is not the best choice here.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is smishing and how does it differ from phishing?
Open an interactive chat with Bash
What are simulated smishing exercises and why are they effective?
Open an interactive chat with Bash
How do recurring security awareness trainings help prevent social engineering attacks?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .