ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Field engineers gather sensor logs on isolated Windows 10 laptops, copy them to USB sticks, and later upload the files from either Windows or Linux workstations to Amazon S3. Corporate policy requires that every removable drive be encrypted with a FIPS-validated AES-256 implementation, impose almost no extra steps on engineers, and allow the security team to revoke or destroy keys remotely if the drive is lost. Which solution best satisfies these requirements?
Issue centrally managed, hardware-encrypted USB drives that perform on-device AES-256 encryption, unlock via a PIN keypad, and support remote kill or key rotation by security administrators.
Permit only FAT32-formatted USB drives and rely on server-side encryption when the files are uploaded to an Amazon S3 bucket over TLS.
Require engineers to compress logs into AES-256 password-protected 7-Zip archives before copying them to any standard USB flash drive.
Force BitLocker To Go encryption through Group Policy and escrow recovery keys in Active Directory, instructing Linux users to mount the drive with third-party tools when needed.
Centrally managed, hardware-encrypted USB drives meet every policy condition. A dedicated encryption controller on the drive enforces FIPS-validated AES-256 automatically for any operating system, while an integrated PIN keypad lets engineers unlock the media without installing software. Enterprise management consoles offered by major vendors can rotate keys or issue a remote kill that zeroizes the on-board key, rendering a lost drive unreadable. BitLocker To Go supplies strong encryption but lacks native remote-disable capability and forces Linux users to install third-party tools. Password-protected 7-Zip archives are manual, leave unencrypted temporary files, and provide no centralized key control. Relying on unencrypted FAT32 media and server-side S3 encryption protects data only after upload, leaving the USB contents exposed if the drive is lost.
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security