ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Field engineers frequently access untrusted vendor websites from corporate Windows 10 laptops to download firmware updates. The security team needs to prevent any malware from persisting on the host while still allowing engineers to retrieve files and without adding new hardware or complex infrastructure. Which approach best meets these requirements?
Route all Internet browsing through the corporate proxy with URL filtering and antivirus inspection to block malicious content before it reaches the laptops.
Issue each engineer a full local virtual machine for browsing and require them to revert the VM to a clean snapshot after every session.
Enable the operating system's built-in disposable browser sandbox so each browsing session runs in an isolated virtual container that is destroyed on exit, with downloads moved through a controlled folder.
Deploy a host-based intrusion prevention system on every laptop and configure it to aggressively block any unknown browser processes or behaviors.
The operating system's native disposable sandbox feature launches the browser inside a lightweight, hardware-assisted virtual machine that is completely discarded when the window is closed. Because the sandbox is non-persistent, any malware that executes or any changes made during the session disappear automatically, protecting the underlying endpoint. A designated shared folder can be used to copy downloaded files to the host for separate malware scanning. A proxy or HIPS can reduce risk but still leaves the browser running on the primary OS, so persistent changes or zero-day exploits could survive. Requiring full VMs with manual snapshot reversion would provide isolation but fails the requirement for minimal additional overhead and administrative effort. Therefore, enabling the built-in browser sandbox is the most effective and efficient solution.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a disposable browser sandbox?
Open an interactive chat with Bash
How does hardware-assisted virtualization help in security?
Open an interactive chat with Bash
Why are proxies or host-based intrusion prevention systems insufficient in this scenario?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .