ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your organization's security policy forbids opening new inbound firewall ports to the on-premises data center. However, a group of short-term contractors need interactive access to a Windows-based financial analysis tool that must remain on internal servers, and the company wants to prevent any copying of data to the contractors' laptops. Which remote-access approach BEST satisfies these constraints?
Ship hardened Linux thin clients that establish an IPsec site-to-site VPN directly into the data center.
Deploy a clientless SSL VPN portal on the data-center firewall and let contractors run the application through the VPN.
Stand up a server-hosted virtual desktop infrastructure (VDI) farm and publish the application through an HTML5-enabled secure reverse proxy located in the DMZ.
Permit contractors to use Remote Desktop Protocol (RDP) over TCP 3389 with network-level authentication and TLS.
Publishing the application through a server-hosted virtual desktop infrastructure (VDI) that is front-ended by an HTML5-enabled secure reverse proxy placed in the DMZ satisfies all stated requirements. The desktops run inside the protected network, so data never leaves the data center and cannot be copied to contractor machines; only display updates and keystrokes traverse the connection. Because the reverse proxy terminates external TLS sessions in the DMZ and the VDI connection brokers initiate outbound connections to that proxy, no new inbound ports need to be opened into the internal network.
By contrast, a clientless SSL VPN portal would still require the firewall to listen for inbound HTTPS from the Internet; an IPsec site-to-site VPN demands opening UDP 500/4500 and ESP/AH; and exposing Remote Desktop Protocol (RDP) directly over TCP 3389 violates the policy and increases data-leakage risk through drive or clipboard redirection.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a server-hosted virtual desktop infrastructure (VDI)?
Open an interactive chat with Bash
What is an HTML5-enabled secure reverse proxy?
Open an interactive chat with Bash
What is the DMZ in network security?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Network and Communication Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .