ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your organization is deploying an open-source VPN appliance in a hybrid AWS environment. Security policy mandates that the tunnel's encryption keys be established through a process in which both peers contribute entropy, preventing either side from unilaterally choosing the session key. Which of the following PKI-based mechanisms should you configure to meet this requirement?
RSA key transport in which the initiator encrypts a randomly generated session key with the responder's public key
Diffie-Hellman Ephemeral (DHE) exchange to negotiate a shared secret
Encrypting the session key with the certificate authority's private signing key before delivery
Distribution of a static symmetric key to both peers via secure courier
Diffie-Hellman Ephemeral (DHE) is a classic key-agreement protocol. During a DHE exchange, each peer generates a private random value and sends the corresponding public value to the other side. Both sides then derive the identical symmetric session key from the combination of their own private value and the other party's public value, ensuring that neither side alone determines the key.
RSA key transport encrypts a session key generated by one party with the recipient's public key. Only one side selects the key, so it is a key-exchange, not a key-agreement, method. A static pre-shared key offers no dynamic generation or bilateral contribution. Encrypting a session key with the certification authority's private key is not a standard or secure method for negotiating session keys and would violate PKI trust principles. Therefore, configuring DHE satisfies the requirement that both peers jointly establish the session key.
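The key-agreement property described in the explanation, as an added Python example that is not part of the original question: both peers generate ephemeral values, exchange only the public halves, and derive the same key, and changing the responder's value alone changes the result. The group (P, G) is a toy choice made so the code is self-contained, and all function names are assumptions.

```python
import hashlib
import secrets

# Toy group for a self-contained demo (assumption): P is the Mersenne prime
# 2**521 - 1 and G = 3. Real VPNs use standardized groups (RFC 3526, RFC 7919).
P = 2**521 - 1
G = 3

def new_ephemeral():
    """Return a fresh (private, public) pair, generated per session and never reused."""
    private = secrets.randbelow(P - 3) + 2      # 2 <= private <= P - 2
    return private, pow(G, private, P)

def validate_public(value):
    """Reject trivial public values (0, 1, P-1, out of range) that would make
    the shared secret predictable. Standardized groups need further checks."""
    if not 1 < value < P - 1:
        raise ValueError("degenerate DH public value")
    return value

def session_key(own_private, peer_public):
    """Derive the symmetric key from our private value and the peer's public value."""
    shared = pow(validate_public(peer_public), own_private, P)
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()

def run_handshake():
    """Simulate both peers; returns (initiator_key, responder_key)."""
    i_priv, i_pub = new_ephemeral()             # initiator's contribution
    r_priv, r_pub = new_ephemeral()             # responder's contribution
    # Only i_pub and r_pub cross the wire; the private values never leave a peer.
    return session_key(i_priv, r_pub), session_key(r_priv, i_pub)

def responder_changes_key():
    """Hold the initiator fixed; a different responder value yields a different key."""
    i_priv, _ = new_ephemeral()
    _, r_pub_1 = new_ephemeral()
    _, r_pub_2 = new_ephemeral()
    return session_key(i_priv, r_pub_1) != session_key(i_priv, r_pub_2)

if __name__ == "__main__":
    k_i, k_r = run_handshake()
    print("keys match:", k_i == k_r)
    print("responder contributes:", responder_changes_key())
```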