🔥 40% Off Crucial Exams Memberships — This Week Only

2 days, 9 hours remaining!
Crucial Exams

ISC2 Systems Security Certified Practitioner (SSCP) Practice Question

Your company is building a serverless API on AWS that must encrypt individual JSON attributes (each <200 bytes) before writing them to Amazon DynamoDB. The solution should minimize CPU cycles in the Lambda functions, provide strong confidentiality, and scale to millions of records with simple key management. Which approach best meets these requirements?

  • Hash each attribute with SHA-256 and store only the hash value in DynamoDB to protect confidentiality

  • Apply Elliptic Curve Integrated Encryption Scheme (ECIES) with a P-256 public key, keeping the private key in AWS CloudHSM for decryption

  • Encrypt each attribute directly with a 2048-bit RSA public key and store the corresponding private key in AWS Secrets Manager for decryption when needed

  • Request a 256-bit data key from AWS Key Management Service for each record and use it to encrypt the attribute locally with AES-256-GCM, storing the ciphertext and the encrypted data key in the table

ISC2 Systems Security Certified Practitioner (SSCP)
Cryptography
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot