ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company hosts several Amazon EC2 Linux bastion hosts in a private subnet. Operations engineers must connect from the on-premises corporate network to administer these instances. To comply with the principle of least privilege, you need to add a single inbound rule to the bastion hosts' security group that enables this management access while exposing the minimum necessary attack surface. Which rule meets the requirement?
Allow inbound TCP traffic on port 3389 from the corporate network's public IP range
Allow inbound TCP traffic on port 23 from any IPv4 address (0.0.0.0/0)
Allow inbound UDP traffic on port 22 from any IPv4 address (0.0.0.0/0)
Allow inbound TCP traffic on port 22 from the corporate network's public IP range
Secure Shell (SSH) is the standard protocol for remote administration of Linux systems and operates exclusively over TCP port 22. Granting inbound TCP access on this port from the known public IP range of the corporate network allows engineers to connect while limiting exposure to trusted sources only. Allowing UDP on port 22 would fail because SSH does not use UDP. Opening TCP port 3389 would enable Remote Desktop Protocol, which is meant for Windows hosts, and port 23 would allow Telnet, an insecure clear-text protocol. Therefore, the only rule that both enables SSH and follows the principle of least privilege is to allow TCP port 22 from the corporate network's IP addresses.
ISC2 Systems Security Certified Practitioner (SSCP)
Network and Communication Security