ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company provides Amazon WorkSpaces Windows 10 desktops to contractors. An on-premises proxy firewall terminates TLS sessions for content inspection and re-signs them with an internal root CA. To avoid browser certificate warnings, the proxy's root CA must be trusted by every WorkSpace automatically, with minimal ongoing administration and no user action. Which solution best meets these requirements?
Store the root CA in an S3 bucket and execute a logon script through WorkSpaces Application Manager that downloads and imports the certificate during each session.
Bake the root CA certificate into a custom WorkSpaces image and recreate existing WorkSpaces from that image whenever the certificate is updated.
Email the root CA certificate to contractors and instruct them to import it into their browser trust store the first time they log in.
Create a Group Policy Object in AWS Directory Service for Microsoft Active Directory to deploy the root CA certificate to the Trusted Root Certification Authorities store on all domain-joined WorkSpaces.
Using AWS Directory Service for Microsoft Active Directory (or a trust to an on-premises AD), each Amazon WorkSpace is joined to the domain. A Group Policy Object can automatically deploy the organization's root CA certificate to the "Trusted Root Certification Authorities" store on every domain-joined computer at boot or user logon. This scales to hundreds of WorkSpaces, requires no user interaction, and any future certificate updates are pushed centrally.
Embedding the certificate in a custom WorkSpaces image would require rebuilding or refreshing every desktop whenever the certificate changes. A logon script that pulls the certificate from S3 introduces additional maintenance and potential failure points. Relying on users to import the certificate manually is error-prone and does not satisfy the requirement for automatic enforcement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is AWS Directory Service for Microsoft Active Directory?
Open an interactive chat with Bash
What is a Group Policy Object (GPO)?
Open an interactive chat with Bash
What is the Trusted Root Certification Authorities store?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .