ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your organization is deploying 20,000 environmental sensors worldwide that will publish telemetry to an AWS IoT Core endpoint over the public Internet. Security requires that each sensor prove its identity without shared secrets, enable fine-grained authorization through individual IoT policies, and allow rapid revocation if a unit is stolen. Which approach best satisfies these requirements?
Require every sensor to connect through a site-to-site IPsec VPN that authenticates with a shared pre-shared key before accessing IoT Core.
Generate a single API key in Amazon API Gateway, flash it into every sensor, and invoke a Lambda function that forwards the data to IoT Core.
Embed an IAM user access key and secret in every sensor's firmware and use SigV4-signed MQTT requests to authenticate to IoT Core.
Provision an individual X.509 certificate for each sensor, register the certificate in AWS IoT Core, and attach a sensor-specific IoT policy granting publish permissions.
AWS IoT Core is designed for large fleets of devices that must authenticate without relying on shared credentials. Registering an individual X.509 certificate for every sensor establishes mutual TLS so the device can cryptographically prove its identity. Each certificate can have its own IoT policy, providing per-device authorization. If a sensor is compromised, its certificate can be deactivated or removed from the registry without affecting any other device. Embedding IAM user keys or a single API key creates shared secrets that are difficult to rotate and revoke at scale, and exposes long-lived credentials. Using a VPN with a single pre-shared key provides only network-level access control and still shares a secret across the entire fleet, offering no per-device revocation or policy granularity.
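The per-device flow described above, as an added example that is not part of the original question: register one certificate per sensor from a device-generated CSR, attach a policy scoped to that sensor only, and revoke a single certificate. The region, account ID, topic layout (`sensors/<id>/telemetry`), policy naming and CSR file name are assumptions; the `iot` argument is a boto3 IoT client.

```python
import json

# Assumed placeholders: substitute your own region, account ID and topic layout.
REGION, ACCOUNT = "us-east-1", "123456789012"


def sensor_policy(sensor_id):
    """Least-privilege IoT policy: this sensor's client ID and telemetry topic only."""
    arn = f"arn:aws:iot:{REGION}:{ACCOUNT}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "iot:Connect",
             "Resource": f"{arn}:client/{sensor_id}"},
            {"Effect": "Allow", "Action": "iot:Publish",
             "Resource": f"{arn}:topic/sensors/{sensor_id}/telemetry"},
        ],
    }


def provision_sensor(iot, sensor_id, csr_pem):
    """Register one certificate for one sensor and bind its own policy to it.

    The CSR is generated on the device, so the private key never leaves it.
    """
    cert = iot.create_certificate_from_csr(
        certificateSigningRequest=csr_pem, setAsActive=True)
    policy_name = f"{sensor_id}-publish"  # assumed naming convention
    iot.create_policy(policyName=policy_name,
                      policyDocument=json.dumps(sensor_policy(sensor_id)))
    iot.attach_policy(policyName=policy_name, target=cert["certificateArn"])
    return cert["certificateId"]


def revoke_sensor(iot, certificate_id):
    """Stolen unit: revoke only this certificate; the rest of the fleet is untouched.

    Use newStatus="INACTIVE" instead for a reversible deactivation.
    """
    iot.update_certificate(certificateId=certificate_id, newStatus="REVOKED")


if __name__ == "__main__":
    import boto3  # needs AWS credentials allowed to call these IoT actions
    client = boto3.client("iot", region_name=REGION)
    with open("sensor-0001.csr") as f:  # hypothetical CSR produced on the device
        cert_id = provision_sensor(client, "sensor-0001", f.read())
    print("registered certificate", cert_id)
```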
Access Controls