🔥 40% Off Crucial Exams Memberships — This Week Only

2 days, 6 hours remaining!
Crucial Exams

ISC2 Systems Security Certified Practitioner (SSCP) Practice Question

Your company runs several Amazon EC2 instances that engineers must occasionally access for emergency shell troubleshooting. Security logs record thousands of daily failed SSH attempts from public IP addresses, indicating an automated brute-force attack. The team wants to remove this attack surface yet keep on-demand administrative access from any location, without running extra infrastructure or maintaining source IP allow lists. Which solution best satisfies these goals?

  • Deploy fail2ban on each instance to ban IP addresses that exceed a threshold of failed SSH logins.

  • Enable AWS WAF on the Application Load Balancer and create a rate-based rule that blocks IP addresses with excessive requests.

  • Install the AWS Systems Manager agent on the instances, disable inbound TCP 22 in the security group, and use Session Manager for interactive shell access.

  • Add an AWS Network Firewall endpoint to the VPC and configure intrusion-prevention rules to block repeated SSH login failures.

ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot