ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A hospital must send nightly CSV files containing patient Social Security numbers from its data center to an external research partner over the Internet. The data must be encrypted in transit, its integrity verifiable, and both endpoints must mutually authenticate. A site-to-site VPN is forbidden, and the solution must need only one firewall rule and allow fully automated batch transfers. Which approach best meets these requirements?
Transfer the files using SFTP over SSH with public-key authentication configured for both the hospital and the research partner, allowing traffic only on TCP port 22.
Use FTPS in explicit mode, relying on the partner's X.509 server certificate and authenticating the hospital with a user name and password.
Send the files as encrypted email attachments using SMTP with STARTTLS and DKIM signing between the domains.
Upload the files via an HTTPS POST to a partner web endpoint protected by TLS 1.2 and an API token in the request header.
The Secure File Transfer Protocol (SFTP) runs inside an SSH session, which provides strong confidentiality through encryption, integrity protection via message authentication codes, and mutual authentication when key pairs are exchanged by both client and server. Key-based authentication enables unattended batch jobs, and only TCP port 22 has to be opened on the firewall.
Explicit FTPS uses TLS but still negotiates separate data ports and usually authenticates only the server unless mutual TLS is added, complicating firewall and credential management. HTTPS with just a server certificate and an API token does not enforce client authentication at the transport layer. SMTP with STARTTLS and DKIM secures email delivery and message authenticity but is not intended for reliable bulk file integrity verification or efficient batch transfers. Therefore, SFTP over SSH with mutual key authentication best satisfies all stated requirements.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is SFTP and how does it differ from FTP?
Open an interactive chat with Bash
How does public-key authentication work in SFTP?
Open an interactive chat with Bash
What is TCP port 22, and why is it significant for SFTP?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Cryptography
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .