ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
During an architecture review of a new IoT crop-monitoring solution, hundreds of battery-powered soil sensors will send data over an IEEE 802.15.4 multi-hop mesh (6LoWPAN) to a cloud gateway located at the edge of a farm where physical access by outsiders is possible. To mitigate the most significant security risk while keeping power consumption low, which design choice is MOST appropriate?
Provision each sensor with a unique pre-shared symmetric key stored in a secure element and enable 802.15.4 AES-CCM link-layer encryption for all frames
Replace 802.15.4 radios with Wi-Fi modules and protect traffic using WPA3-Enterprise
Rely on 802.15.4 collision-avoidance (CSMA/CA) alone and transmit sensor data in cleartext to conserve battery power
Digitally sign every telemetry message with XML Signature to ensure end-to-end integrity and authentication
Because the sensors are deployed in an uncontrolled environment, the primary threat is eavesdropping on-or injection of-wireless traffic. IEEE 802.15.4 already supports lightweight AES-CCM link-layer security that provides both encryption and integrity with minimal processing overhead. Storing device-unique symmetric keys inside a secure element (or TPM-like component) strengthens this control by preventing key extraction even if a node is captured. Relying only on CSMA/CA offers no confidentiality or authentication. Migrating to WPA3 would require replacing the radios with higher-power Wi-Fi hardware, reducing battery life and increasing cost. XML Signatures add strong integrity but impose far greater computational and bandwidth overhead than AES-CCM, making them unsuitable for constrained sensors. Therefore, pre-shared symmetric keys protected by on-device secure storage and used with AES-CCM at the 802.15.4 link layer best balances security and resource constraints.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What makes AES-CCM suitable for 802.15.4 IoT networks?
Open an interactive chat with Bash
What is the role of a secure element in IoT devices?
Open an interactive chat with Bash
Why is CSMA/CA alone insufficient for securing an IoT network?
Open an interactive chat with Bash
ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Architecture and Design
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .