ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company pushes firmware updates to hundreds of field devices through a public content-delivery network that offers no built-in authentication. Security policy states that every device must be able to confirm that an update originated from headquarters and was not modified in transit, while still allowing anyone to download the file. Which approach BEST meets this requirement?
Require each device to download updates through an SSH tunnel established to headquarters.
Publish an MD5 checksum of every package so devices can compare the value before installation.
Encrypt each package with AES-256 and distribute the symmetric key to devices during provisioning.
Sign each firmware package with the organization's private key and have devices verify the signature using the corresponding public certificate.
Digitally signing the firmware with the organization's private key allows any device holding the corresponding public certificate to verify both the origin (authenticity) and that the code was not altered (integrity). Confidentiality is not required, so the file can remain publicly downloadable. AES encryption with a shared symmetric key would provide confidentiality, but it requires securely distributing a secret to every device and does not provide non-repudiation. Publishing an MD5 checksum supplies integrity verification but cannot prove the publisher's identity, and it relies on a hash algorithm that is no longer collision resistant. Using SSH tunnels would add transport protection, but it negates the use of a public CDN and still would not provide proof of origin once the file is stored locally.
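The following Go program is an added example, not part of the original question or its explanation. It walks through the signing flow the explanation describes: headquarters signs a package with its private key, the package and its detached signature are served from an untrusted CDN, and a device verifies with the public key it was given at provisioning. The firmware bytes are constructed sample data, the key pair is generated fresh at run time, Ed25519 is assumed as the signature algorithm (the question does not name one), and the "public certificate" is simplified to a raw public key. It also models the MD5-checksum option to show why a matching checksum says nothing about who produced the file.

```go
package main

import (
	"crypto/ed25519"
	"crypto/md5"
	"crypto/rand"
	"errors"
	"fmt"
)

// Constructed sample firmware image; stands in for a real package.
var firmware = []byte("FIRMWARE v2.3.1: constructed sample image bytes")

// ErrBadSignature is returned when a package must not be installed.
var ErrBadSignature = errors.New("firmware signature does not verify: wrong origin or modified in transit")

// HeadquartersSigner holds the private key, which never leaves headquarters.
type HeadquartersSigner struct {
	priv ed25519.PrivateKey
}

// NewHeadquartersSigner generates a fresh Ed25519 key pair (assumed algorithm).
// The returned public key is what gets provisioned onto every field device.
func NewHeadquartersSigner() (*HeadquartersSigner, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &HeadquartersSigner{priv: priv}, pub, nil
}

// Sign produces a detached signature that is published on the CDN next to the package.
func (s *HeadquartersSigner) Sign(pkg []byte) []byte {
	return ed25519.Sign(s.priv, pkg)
}

// VerifyFirmware is the check a field device runs before installing. It needs
// only the provisioned public key; the CDN and the download path are untrusted.
func VerifyFirmware(pub ed25519.PublicKey, pkg, sig []byte) error {
	if len(sig) != ed25519.SignatureSize || !ed25519.Verify(pub, pkg, sig) {
		return ErrBadSignature
	}
	return nil
}

// PublishChecksum models the MD5-checksum option: anyone can compute this for any file.
func PublishChecksum(pkg []byte) [md5.Size]byte {
	return md5.Sum(pkg)
}

// ChecksumMatches tells the device only whether the file matches the checksum
// it was handed; it cannot say who produced either value.
func ChecksumMatches(pkg []byte, published [md5.Size]byte) bool {
	return md5.Sum(pkg) == published
}

func main() {
	signer, devicePub, err := NewHeadquartersSigner()
	if err != nil {
		panic(err)
	}
	sig := signer.Sign(firmware)
	fmt.Println("genuine package verifies:", VerifyFirmware(devicePub, firmware, sig) == nil)

	// One byte changed in transit: the signature no longer verifies.
	tampered := append([]byte(nil), firmware...)
	tampered[0] ^= 0xff
	fmt.Println("modified package verifies:", VerifyFirmware(devicePub, tampered, sig) == nil)

	// A package signed with some other key (not headquarters) is rejected.
	other, _, _ := NewHeadquartersSigner()
	fmt.Println("package signed by another key verifies:", VerifyFirmware(devicePub, firmware, other.Sign(firmware)) == nil)

	// A checksum matches any file whose checksum was computed beside it,
	// so it proves integrity of the download but nothing about origin.
	unknown := []byte("constructed package of unknown origin")
	fmt.Println("unknown-origin package matches its own checksum:", ChecksumMatches(unknown, PublishChecksum(unknown)))
}
```

In a deployment the device would hold the public key inside a certificate it trusts (or a pinned key burned in at manufacture), and the signature would cover a versioned manifest so that an old, validly signed package cannot be replayed as an "update"; the verification call itself does not change.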