ISC2 Certified Cloud Security Professional (CCSP) Practice Question
A cloud operations team is standardizing Infrastructure as Code (IaC) for its IaaS firewalls, subnets, and virtual machines. They store all Terraform configuration files in a Git repository and use a CI/CD pipeline that automatically runs terraform plan on every pull request and terraform apply only after the change is approved and merged into the main branch. Which core IaC practice does this workflow best exemplify?
Manual drift remediation using ad-hoc commands after monthly audits
A blue-green deployment strategy to release application versions with zero downtime
A GitOps workflow that treats the repository as the single source of truth for infrastructure
Terraform state locking to prevent simultaneous runs by different engineers
Keeping declarative infrastructure definitions in a version-control system and requiring all changes to follow the same review-and-merge process is the essence of the GitOps (VCS-driven IaC) workflow. Git is treated as the single source of truth; the CI/CD pipeline continuously reconciles the live cloud environment with the desired state stored in the repository. This embodies key IaC principles-version control, peer review, automated testing, and immutable audit history.
Other options describe useful concepts, but they are not the primary practice illustrated:
A blue-green deployment strategy focuses on application releases, not on governing infrastructure state through Git.
Manual drift remediation implies detecting and fixing configuration differences by hand, which contradicts the automated pipeline described.
State locking prevents concurrent Terraform runs but does not by itself enforce review, approval, and promotion of code through Git.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does GitOps mean in the context of IaC?
Open an interactive chat with Bash
What is terraform plan and terraform apply, and why are they important in IaC?
Open an interactive chat with Bash
How does a CI/CD pipeline enhance IaC workflows?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Security Operations
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .