ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
An organization must move nightly credit-card log files from its on-premises server to an EC2 instance. The security team mandates end-to-end encryption, mutual authentication, and the fewest possible inbound openings in the AWS security group. Which protocol implementation best meets these requirements while remaining PCI-DSS compliant?
Use FTPS in explicit mode on port 21 secured with a server-side X.509 certificate only.
Use SFTP over port 22 with SSH key pairs for both client and server authentication.
Send the logs via HTTP PUT to a REST endpoint protected by TLS 1.2 and a shared API key.
Establish an IPsec site-to-site VPN and transfer the files using standard FTP.
SFTP is carried over the SSH protocol, providing encryption for both authentication data and file contents. By using key-based authentication, the client validates the server's host key while the server validates the client's public key, satisfying the requirement for mutual authentication. Because SFTP multiplexes control and data over a single SSH session on port 22, only one inbound rule is needed in the security group, simplifying firewall management.
FTPS in explicit mode encrypts traffic but requires port 21 plus a range of ephemeral data-channel ports, increasing the attack surface and firewall complexity. A plain FTP session inside an IPsec VPN would encrypt the tunnel but exposes an unencrypted FTP service if the tunnel terminates at the EC2 host, and FTP still needs multiple ports. HTTPS PUT secures data in transit but normally authenticates only the server; relying on an API key does not constitute mutual authentication. Therefore, SFTP with SSH key pairs is the most appropriate choice.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is SFTP and how is it different from FTPS?
Open an interactive chat with Bash
What is mutual authentication, and how is it achieved in SFTP?
Open an interactive chat with Bash
Why is using a single SSH session over port 22 beneficial for security?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Cryptography
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .