malcolm, of course, it is possible, however, comes with a bit of custom work. Basically speaking, visitors, do not have a unique identity, so you would have to have some way to "flag" a visitor that completed your web form. Probably, in your case, using some sort of signed cookie is the way to go (it is not the most secure way, but is good trade-off).
So basically, when a visitor submits a form, your backend should set a cookie with some signed (with a secret key) value. Then you define a quick AAM access policy that will grant access to protected content if the visitor has the specific cookie set and its value is legit.
I hope this will give you a good idea for implementation.
Vasyl