ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company is migrating a medical imaging archive containing protected health information (PHI) to Amazon S3. Compliance rules require strong encryption at rest, but the engineering team also wants to minimize encryption-related CPU overhead and latency for both uploads and downloads. When configuring server-side encryption with AWS Key Management Service (KMS), which cipher and key type will best satisfy these security and performance requirements?
ECC-based encryption using a 521-bit public key stored in AWS CloudHSM
RSA-2048 asymmetric encryption with customer-provided keys (SSE-C)
Triple DES (3DES) with a 168-bit key through client-side encryption libraries
AES-256 symmetric encryption managed by AWS KMS (SSE-KMS)
AWS KMS-protected server-side encryption for S3 (SSE-KMS) uses the Advanced Encryption Standard with a 256-bit symmetric key (AES-256) for the actual object encryption, while the KMS master key is used only to encrypt the data-encryption key (envelope encryption). AES-256 is considered highly secure and, because it is a symmetric block cipher implemented in hardware acceleration (e.g., AES-NI), it introduces far less computational overhead than asymmetric algorithms such as RSA or ECC. Triple DES offers weaker effective key strength and lower performance, and no current AWS managed option provides Blowfish for SSE. Therefore, selecting AES-256 with a symmetric data-key managed by KMS offers the strongest protection with minimal impact on performance.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is AES-256 encryption, and why is it considered secure?
Open an interactive chat with Bash
What is the role of AWS Key Management Service (KMS) in server-side encryption?
Open an interactive chat with Bash
Why is symmetric encryption preferred over asymmetric encryption for performance-sensitive tasks?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Cryptography
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .