ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your organization provisions AWS resources with Terraform stored in Git. The change-management policy requires CAB approval before any production modification. Recently, developers with console access have been manually updating security-group rules, causing configuration drift and bypassing approvals. Which configuration-management approach best enforces the policy and prevents further drift?
Limit developer IAM permissions to read-only access for security groups, forcing them to open tickets for operations staff to make changes.
Create AWS Config rules that scan nightly and notify the CAB when security-group rules differ from the approved baseline.
Require all infrastructure updates to be committed to the Terraform repository and applied by an approved CI/CD pipeline that overwrites any manual console changes.
Enable AWS CloudTrail logging and have the security team review manual changes during the weekly audit meeting.
Automating deployments through an approved Infrastructure-as-Code (IaC) pipeline keeps the declared configuration under version control and ties every production change to the formal change-management workflow. When the pipeline reapplies the Terraform state after CAB approval, any unapproved console modification is overwritten, eliminating configuration drift. IAM restrictions or detective tools such as AWS Config and CloudTrail improve security monitoring or auditing but do not by themselves bind changes to the change-management process or guarantee that the environment will revert to the approved baseline.
Security Concepts and Practices