ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company hosts an internal HR portal on Amazon EC2 instances located in a private subnet. The instances are attached to a security group that has a single inbound rule: allow TCP port 443 from the corporate office's public IP range. No other inbound rules exist, and developers are not permitted to modify the security group. As a result, any traffic that does not match the allow rule is implicitly blocked. Which access control model does this configuration exemplify?
Mandatory access control driven by classification labels
Attribute-based access control using source IP attributes
Discretionary access control based on resource owner permissions
Rule-based access control enforced through centrally managed security group rules
The security group's behavior is governed entirely by predefined network rules (protocol, port, and source) that are centrally managed by administrators. Because instance owners cannot change these rules and access is decided strictly by the rule set, the model in use is rule-based access control-a form of nondiscretionary access control. Discretionary access control would allow resource owners to change permissions. Attribute-based access control would involve evaluating multiple dynamic attributes beyond simple fixed rules. Mandatory access control relies on security labels and classifications rather than per-rule firewall policies. Therefore, the scenario best represents rule-based access control.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are security groups in AWS?
Open an interactive chat with Bash
How does rule-based access control differ from mandatory access control?
Open an interactive chat with Bash
Why is the configuration described not attribute-based access control?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Access Controls
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .