
ISC2 Systems Security Certified Practitioner (SSCP) Practice Question

Your company operates a customer-facing website on Amazon EC2 instances in an Auto Scaling group. The security team updates a centralized risk register and relies on CVSS scores to prioritize work. A remote-code-execution flaw with a CVSS v3 base score of 9.8 is announced for the HTTP daemon running on the instances. Which planned response best demonstrates the risk treatment strategy of mitigation?

  • Purchase additional cyber-insurance to cover any losses if the flaw is exploited while keeping the current environment unchanged.

  • Document the vulnerability in the risk register and defer any remediation until the next quarterly maintenance window.

  • Apply the vendor patch to the launch template and perform a rolling replacement of all EC2 instances in the Auto Scaling group.

  • Migrate the workload to an AWS managed platform that is not affected and retire the current EC2 fleet.

ISC2 Systems Security Certified Practitioner (SSCP)
Risk Identification, Monitoring and Analysis