ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
While performing an internal security assessment, an SSCP-certified cloud engineer discovers that a third-party vendor's public S3 bucket inadvertently exposes thousands of patient medical records used by the company's production healthcare application. The engineer's AWS account cannot change the vendor's configuration, but the data can be read. Under the (ISC)² Code of Ethics canon that mandates protecting society and critical infrastructure, what is the MOST appropriate initial response?
Take no action because securing the bucket is solely the vendor's responsibility under the shared responsibility model.
Contact the vendor to report the exposure and offer assistance to remediate the misconfiguration before any public disclosure.
Publish full details of the vulnerability on a security mailing list so the community pressures the vendor to act.
Quietly copy the exposed files, delete them from the bucket, and then monitor for recurrence.
The first canon of the (ISC)² Code of Ethics obligates professionals to protect society, the commonwealth, and the infrastructure. Responsible vulnerability disclosure aligns with this duty by minimizing potential harm while respecting legal boundaries. Notifying the data owner (the vendor) and offering to help them correct the issue promotes rapid remediation without exposing the data further. Unilaterally deleting or copying data exceeds authorized access and may violate law and policy. Publicly disclosing the flaw before remediation risks widespread exploitation and undermines patient privacy. Ignoring the problem fails to protect affected individuals or the healthcare infrastructure.