ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A financial services firm uses Amazon EC2 Linux instances to generate a fresh 256-bit AES key for each transaction. Incident reviews show key creation sometimes blocks on /dev/random when entropy is exhausted, delaying processing. The team must eliminate these delays yet maintain high-quality randomness. Which approach best meets the entropy requirement?
Generate the keys inside an AWS CloudHSM cluster that provides a dedicated hardware random number generator.
Increase the symmetric key size to 512 bits so fewer keys need to be created over time.
Replace all /dev/random calls with /dev/urandom to prevent blocking during key generation.
Seed the instances' software random number generator with the system clock and store a pool of pre-generated random bytes in Amazon S3.
Using a hardware security module such as AWS CloudHSM addresses both needs. Each CloudHSM appliance includes a FIPS-validated hardware random number generator that continuously supplies high-quality entropy to its deterministic random bit generator, allowing rapid creation of strong cryptographic keys without blocking. Switching to /dev/urandom may avoid blocking but offers lower assurance of fresh hardware-based entropy, which some high-assurance environments require. Increasing the key size or caching random bytes does not resolve the underlying shortage of entropy and can introduce new risks. Therefore, generating keys inside AWS CloudHSM is the most suitable choice.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is AWS CloudHSM?
Open an interactive chat with Bash
How does /dev/random differ from /dev/urandom?
Open an interactive chat with Bash
What is entropy in cryptographic systems?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Cryptography
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .