ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A retail chain uses point-of-sale terminals with embedded 4G/LTE modems to transmit card-holder data back to its card-processing environment. After learning that criminals are deploying rogue base stations (IMSI catchers) to eavesdrop on nearby cellular traffic, the security team must harden the terminals without replacing carrier infrastructure. Which control most effectively preserves the confidentiality and integrity of the data even if a terminal unknowingly associates with a malicious eNodeB?
Provision a static Access Point Name (APN) and credentials supplied by the carrier for all terminals.
Enable Carrier Aggregation on the modem to combine multiple frequency bands and reduce retransmissions.
Disable LTE radio-layer ciphering so that network monitoring tools can inspect traffic for anomalies in clear text.
Configure each terminal to establish an IPsec VPN tunnel to the processing environment immediately after obtaining an LTE data connection.
Because the organization cannot trust the radio access network, it must add an end-to-end cryptographic layer that is independent of the cellular provider. Establishing an IPsec VPN tunnel from each terminal to the processing environment encrypts every packet and provides integrity checking from the source device all the way to the data-center gateway. Even if an IMSI catcher forces the terminal to attach to a rogue base station, the attacker sees only ciphertext and cannot tamper with the traffic without detection. Enabling carrier features such as Carrier Aggregation or static APN credentials does nothing to protect the data itself, and turning off LTE encryption exposes the payload in clear text, increasing risk rather than reducing it.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an IMSI catcher and why is it a threat?
Open an interactive chat with Bash
How does IPsec VPN enhance security in this scenario?
Open an interactive chat with Bash
What are the limitations of relying on LTE radio-layer encryption alone?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Network and Communication Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .