During a penetration test of a company hosted on a public IaaS provider, you find that application source code on a compromised Linux VM contains hard-coded access keys that allow unfettered read/write access to object storage buckets. To minimize future exposure of these credentials and limit the blast radius, which cloud-native control should you recommend implementing?
Enable server-side encryption with provider-managed keys on every object storage bucket.
Replace static keys with an instance-attached role that supplies short-lived credentials via the metadata or identity service.
Create a private network endpoint to object storage and block all outbound internet traffic from the VM.
Turn on object versioning and require multi-factor delete protection for the buckets.
Using an instance-attached role (sometimes called a managed identity or instance profile) removes the need to embed long-lived access keys in application code. The cloud provider delivers temporary, automatically rotated credentials to the workload over the metadata/identity service, enforcing least-privilege policies and preventing attackers who compromise the host from re-using exposed keys elsewhere. Enabling server-side encryption, private endpoints, or object versioning strengthens other security properties but does not stop the leakage or misuse of static credentials.
Certified Ethical Hacker (CEH)
Cloud Computing