ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
You are building an event-driven workload on AWS where a Lambda function publishes JSON messages to an Amazon SNS topic and downstream services read them from SQS. Consumers must confirm each message's origin and integrity, but confidentiality is unnecessary. The solution should introduce minimal latency and avoid the overhead of managing a PKI. Which method satisfies these goals?
Encrypt each message with an AWS KMS customer managed key and require consumers to decrypt it before processing.
Add an HMAC value computed with SHA-256 and a shared secret stored in AWS Secrets Manager; have each consumer recompute and compare the HMAC on receipt.
Sign each message using an RSA private key in AWS CloudHSM and distribute the corresponding public certificate to all consumers.
Rely on TLS encryption automatically applied to traffic between Lambda, SNS, and SQS to guarantee message integrity and origin authentication.
A Hash-based Message Authentication Code (HMAC) calculated with a shared secret and a strong hash function such as SHA-256 lets recipients verify that the message content is unaltered (integrity) and that it was generated by a party holding the secret (authentication). Because HMAC uses symmetric keys and simple hashing operations, it adds very little processing overhead and does not require the certificate management or computational cost associated with public-key signatures. Encrypting with AWS KMS would protect confidentiality but does not alone provide origin authentication, and it adds decryption latency. RSA digital signatures meet the security goals but introduce higher computational cost and PKI complexity, which the requirement seeks to avoid. Relying on TLS between AWS services protects data only while in transit and does not enable consumers to verify the message after it is stored in SNS or SQS. Therefore, including an HMAC that receivers can recompute and compare is the most suitable choice.
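The recompute-and-compare step described above, as an added example (not part of the original question). The envelope field names `body` and `hmac_sha256` and the secret value are assumptions made for illustration; in the scenario the key would be read from AWS Secrets Manager by both publisher and consumers.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed key for the demo; stands in for the secret held in Secrets Manager.
SHARED_SECRET = b"constructed-demo-secret-not-for-production"


def sign_message(payload: dict, secret: bytes) -> dict:
    """Publisher side: serialize once, then MAC the exact string that is sent."""
    body = json.dumps(payload, separators=(",", ":"), sort_keys=True)
    tag = hmac.new(secret, body.encode("utf-8"), hashlib.sha256).digest()
    return {"body": body, "hmac_sha256": base64.b64encode(tag).decode("ascii")}


def verify_message(envelope: dict, secret: bytes) -> Optional[dict]:
    """Consumer side: recompute over the received bytes, compare in constant time.

    Returns the parsed payload, or None if the tag is missing, malformed or wrong.
    """
    try:
        body = envelope["body"].encode("utf-8")
        received = base64.b64decode(envelope["hmac_sha256"], validate=True)
    except (KeyError, TypeError, AttributeError, ValueError):
        return None  # missing or malformed field: reject without parsing
    expected = hmac.new(secret, body, hashlib.sha256).digest()
    # compare_digest avoids leaking how many leading bytes matched.
    if not hmac.compare_digest(expected, received):
        return None
    return json.loads(body)  # parse only after the tag has been verified


if __name__ == "__main__":
    env = sign_message({"order_id": 42, "status": "paid"}, SHARED_SECRET)
    print("genuine :", verify_message(env, SHARED_SECRET))
    forged = dict(env, body=env["body"].replace("paid", "refunded"))
    print("tampered:", verify_message(forged, SHARED_SECRET))
    print("bad key :", verify_message(env, b"some-other-key"))
```

The consumer verifies the received string as-is rather than re-serializing the parsed JSON, so differences in key order or whitespace between JSON libraries cannot cause false rejections.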
ISC2 Systems Security Certified Practitioner (SSCP)
Cryptography