ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
Your company is deploying a battery-powered IoT environmental monitoring system that uses a multi-hop wireless mesh topology. Because nodes have very limited processing power and often lack any connection to central infrastructure, you must select a way to authenticate neighbors and secure routing traffic. Which key-management approach is MOST appropriate?
Rely solely on 802.11i/WPA2 link-layer security negotiated at association to secure and authenticate all mesh traffic
Implement certificate-based mutual TLS between nodes using 2048-bit RSA keys issued by an online certificate authority
Preload each node with a random subset of keys from a large predistributed key pool so neighbors can establish shared secrets opportunistically
Provision every node with a single network-wide symmetric key used for all encryption and authentication
Random key predistribution schemes load each sensor with a small, random subset of symmetric keys chosen from a much larger pool before deployment. After deployment, neighboring nodes exchange key identifiers; if they share one or more keys they can immediately derive a pairwise session key locally, with no need to contact a base station. This lightweight, decentralized approach scales to thousands of battery-powered devices and limits the damage if a single node is captured. A single network-wide key offers no compromise containment: one lost node exposes the entire mesh. Certificate-based mutual TLS with 2048-bit RSA is far too CPU- and memory-intensive for tiny sensors and presumes connectivity for certificate revocation checks. Relying solely on 802.11i/WPA2 link-layer security would require every sensor to implement the full 802.11 stack (often unavailable or power-hungry) and, even in PSK mode, protects only the local radio link, leaving higher-layer mesh routing messages unauthenticated and therefore vulnerable.
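The scheme described in the explanation can be sketched in Python. This is an added example, not part of the original practice question. The pool and ring sizes, the nonces, the choice to hash all shared keys together with HMAC-SHA256, and every function name are assumptions made for illustration.

```python
import hashlib
import hmac
import random
import secrets
from itertools import combinations

def make_pool(size=1000):
    """Offline, before deployment: key_id -> random 128-bit symmetric key."""
    return {kid: secrets.token_bytes(16) for kid in range(size)}

def provision(pool, ring_size=75, rng=random):
    """Preload one node with a random subset (its key ring) of the pool."""
    return {kid: pool[kid] for kid in rng.sample(sorted(pool), ring_size)}

def pairwise_key(ring, peer_ids, nonce_a, nonce_b):
    """Derive the link key locally from every key shared with the peer.

    Only key identifiers cross the radio link. Returns None when the rings
    do not overlap; such neighbours need a path through a third node.
    """
    common = sorted(set(ring) & set(peer_ids))
    if not common:
        return None
    material = b"".join(ring[kid] for kid in common)
    return hmac.new(material, nonce_a + nonce_b, hashlib.sha256).digest()

def exposed_fraction(rings, captured):
    """Share of links between surviving nodes that one captured ring breaks.

    A link is broken only if every key the two nodes share is also held by
    the captured node. With a single network-wide key this is always 1.0.
    """
    stolen = set(rings[captured])
    survivors = [r for i, r in enumerate(rings) if i != captured]
    links = broken = 0
    for a, b in combinations(survivors, 2):
        common = set(a) & set(b)
        if common:
            links += 1
            broken += common <= stolen
    return broken / links if links else 0.0

if __name__ == "__main__":
    rng = random.Random(7)  # fixed seed so the constructed run is repeatable
    pool = make_pool()
    rings = [provision(pool, rng=rng) for _ in range(40)]  # constructed mesh
    print("links exposed by capturing node 0:", exposed_fraction(rings, 0))
```

Growing the pool relative to the ring size lowers the exposed fraction but also lowers the chance that two neighbours share any key, which is the trade-off to tune when sizing a deployment.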
ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Architecture and Design