ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Field technicians use company-owned Android tablets running a custom inventory app that calls an Amazon API Gateway REST API backed by AWS Lambda in a VPC. A new corporate mandate now requires that every request from the tablets to AWS be encrypted in transit using at least TLS 1.2, but the development team cannot modify the mobile application. Which solution meets the mandate with the least additional operational effort?
Integrate the AWS Encryption SDK into the mobile app so each request payload is encrypted before being sent to API Gateway.
Associate a custom domain with the API Gateway endpoint, provision an ACM certificate, and configure the custom domain's security policy to require TLS 1.2.
Enable server-side encryption with AWS KMS on all DynamoDB tables accessed by the Lambda functions called by the API.
Create an AWS Client VPN endpoint, require every tablet to connect to the VPN, and expose the REST API only through the VPN's private DNS name.
Amazon API Gateway REST APIs are accessible only over HTTPS by default. By attaching a custom domain name to the API, provisioning an AWS Certificate Manager (ACM) certificate for that hostname, and setting the custom domain's security policy to TLS 1.2, you guarantee that all traffic from the tablets is encrypted with a minimum of TLS 1.2 without changing the application or adding client software.
Deploying a Client VPN satisfies the mandate but introduces extra infrastructure and requires each tablet to install and maintain VPN software. Enabling server-side encryption on DynamoDB secures data at rest only. Encrypting payloads with the AWS Encryption SDK would require code changes in the mobile app, which is disallowed by the constraint.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is TLS 1.2 and why is it important?
Open an interactive chat with Bash
What is Amazon API Gateway and how does it manage HTTPS connections?
Open an interactive chat with Bash
What is AWS ACM and how does it manage certificates?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .