ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your security team runs an AWS CloudHSM cluster that protects the private root-CA key used by an internal public key infrastructure (PKI). A new regulatory control now mandates split knowledge for any future key recovery or export operation, while allowing the existing automated online signing process to continue unaffected. Which change to the CloudHSM configuration BEST meets this requirement?
Modify the signing application to prompt for two separate Crypto User credentials before every signing transaction.
Rotate the cluster's security group keys and enable automatic HSM node scaling across Availability Zones.
Export the private key to a software keystore protected by a server-based TPM and disable key export on the HSM thereafter.
Enable M-of-N authorization for the Crypto Officer role so that a quorum of operators must authenticate before any key export or recovery command is accepted.
Enabling an M of N access control scheme on the CloudHSM cluster introduces split-knowledge (quorum) requirements only when sensitive key-management operations-such as key export, cloning, or backup restore-are invoked. Routine cryptographic use of the key by applications through an authenticated Crypto User session continues to work without additional human intervention, so normal automated signing is not disrupted. Migrating the key to software storage or forcing dual control on every sign operation would either violate FIPS requirements or break automation, and changing network settings does not address the compliance mandate.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is M-of-N authorization in AWS CloudHSM?
Open an interactive chat with Bash
What is a private root-CA key in a PKI?
Open an interactive chat with Bash
What is the purpose of split knowledge in key management?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .