ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your team hosts an open-source project in AWS CodeCommit and accepts encrypted email patches from hundreds of volunteers. Management wants every patch digitally signed to prove authorship and integrity but refuses to deploy or rely on any centralized certificate authority. Contributors are willing to meet in person to exchange and cross-sign keys. Which approach best meets these needs?
Use AWS Key Management Service (KMS) customer-managed keys integrated with CodeCommit so contributors can sign their commits.
Adopt Pretty Good Privacy (PGP) and let contributors create and exchange keys, signing each other's keys to build a Web of Trust for signature verification.
Require all contributors to authenticate through a Kerberos realm federated with AWS Directory Service before submitting signed patches.
Deploy an internal hierarchical PKI with a privately managed root CA to issue X.509 code-signing certificates to every contributor.
Pretty Good Privacy (PGP) and its open-source implementation GnuPG (GPG) use a decentralized Web of Trust in which users sign one another's public keys after verifying identity offline. A recipient can then validate a signature by following a chain of user endorsements back to a key they already trust, without any central certificate authority.
A hierarchical PKI with a private root CA still requires centrally issuing and managing X.509 certificates, violating the stated constraint.
AWS KMS provides managed keys, but signatures then depend on AWS's centralized service, and KMS has no notion of peer key-signing.
Kerberos requires a Key Distribution Center, again introducing centralized infrastructure. Adopting PGP/GPG with a community-maintained Web of Trust is therefore the only option that satisfies every requirement.