ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company's research and development team stores proprietary design documents on a central Linux file server that engineers access over the corporate LAN. Leadership mandates that these intellectual property (IP) files must remain confidential if the server is stolen, and any unauthorized changes to the files must be detectable, without disrupting day-to-day collaboration for authorized users. Which approach best satisfies these requirements while following industry-accepted security practices?
Instruct engineers to place their design files in password-protected ZIP archives before uploading them to the shared server.
Rely solely on strict file-system access control lists to limit read and write permissions to authorized engineers.
Enable full-disk encryption with AES-256, secure the key in a hardware security module, and require engineers to apply digital signatures to the files.
Run nightly scripts that compute and compare MD5 hashes of each file to previously stored values in a database.
Encrypting the entire server disk with a strong symmetric algorithm such as AES-256 ensures that the proprietary files cannot be read if the physical media is lost or stolen, thus maintaining confidentiality. Housing the encryption key inside a hardware security module (HSM) prevents attackers from retrieving the key even if they gain physical access to the server. Requiring engineers to apply digital signatures with organization-issued certificates each time they save or check in a file provides cryptographic integrity and authenticity, allowing any unauthorized modification to be detected.
Calculating and storing MD5 hashes helps verify integrity, but MD5 is considered cryptographically broken and does not protect confidentiality. Relying only on NTFS (or comparable POSIX) file permissions controls access but offers no protection once the server is physically compromised. Password-protected ZIP archives typically use weaker encryption schemes and introduce workflow friction, making them less suitable for seamless collaboration and strong protection.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does AES-256 encryption ensure confidentiality?
Open an interactive chat with Bash
What is a hardware security module (HSM), and why is it important?
Open an interactive chat with Bash
What are digital signatures, and why are they used for file integrity?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Cryptography
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .