ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
An incident response team stores nightly server images in an Amazon S3 bucket that is replicated to a second AWS Region. To satisfy compliance, the team must be able to prove that any replica is bit-for-bit identical to the original image even if the files are copied between buckets multiple times. Which approach BEST meets the requirement with the least operational overhead?
Encrypt each image with AES-256 in server-side encryption mode and verify that the resulting ciphertext matches after replication.
Digitally sign each image with the organization's private RSA key and validate the signature after every copy.
Calculate a CRC32 checksum for each file and re-check the CRC value in the destination bucket.
Generate and store a SHA-256 digest for each image when it is created, then recompute and compare the digest after every replication event.
A collision-resistant cryptographic hash such as SHA-256 generates a fixed-length, deterministic fingerprint for any input. When the same image is hashed again after replication, the resulting digest will match only if every single bit of the file is unchanged. Because the algorithm is one-way and collision resistant, an attacker cannot feasibly create a different image that produces the same digest. AES encryption provides confidentiality rather than integrity checking, CRC32 is designed for accidental error detection and is vulnerable to intentional tampering, and full digital signatures add unnecessary key-management overhead when authenticity to an external party is not required.
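The check described in the explanation, as an added example that is not part of the original question. Local temporary files stand in for the S3 objects, `copy_file` is a hypothetical helper that models one replication hop, and the sample image is constructed random data. The last function shows the algebraic structure that makes CRC32 suitable only for accidental errors.

```python
import hashlib
import hmac
import os
import tempfile
import zlib

CHUNK = 1024 * 1024  # stream in 1 MiB blocks so large images never sit fully in memory

def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def verify_replica(path, recorded_digest):
    """True only if the replica hashes to the digest recorded at creation."""
    return hmac.compare_digest(sha256_file(path), recorded_digest)

def copy_file(src, dst, flip_byte=None):
    """Hypothetical replication hop; optionally flips one bit to model a changed copy."""
    with open(src, "rb") as f:
        data = bytearray(f.read())
    if flip_byte is not None:
        data[flip_byte] ^= 0x01
    with open(dst, "wb") as f:
        f.write(data)

def crc32_is_affine(a, b, c):
    """For equal-length inputs, crc(a^b^c) == crc(a)^crc(b)^crc(c): predictable structure."""
    mixed = bytes(x ^ y ^ z for x, y, z in zip(a, b, c))
    return zlib.crc32(mixed) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(c)

def demo():
    """Record a digest once, then verify two clean hops and one altered copy."""
    with tempfile.TemporaryDirectory() as d:
        names = ("orig.img", "hop1.img", "hop2.img", "bad.img")
        orig, hop1, hop2, bad = (os.path.join(d, n) for n in names)
        with open(orig, "wb") as f:
            f.write(os.urandom(2 * CHUNK + 17))  # constructed sample image
        recorded = sha256_file(orig)  # stored at creation time
        copy_file(orig, hop1)
        copy_file(hop1, hop2)
        copy_file(hop2, bad, flip_byte=CHUNK + 5)
        return tuple(verify_replica(p, recorded) for p in (hop1, hop2, bad))

if __name__ == "__main__":
    print(demo())
```

The digest is recorded once, at image creation, and every later copy is compared against that stored value rather than against the previous hop.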
ISC2 Systems Security Certified Practitioner (SSCP)
Cryptography