ISC2 Certified Cloud Security Professional (CCSP) Practice Question

A SaaS development team has moved from a waterfall model to two-week agile sprints and now releases new container images multiple times per week. The cloud security architect notices that regulatory security requirements that were once verified in the dedicated test phase are no longer being consistently met. Which action best aligns security testing with the new SDLC methodology without slowing delivery?

  • Schedule a comprehensive external penetration test only after the minimum viable product is in production.

  • Defer all vulnerability scanning to the maintenance phase to avoid impacting sprint velocity.

  • Hold a single security design review meeting at project kickoff and reuse the resulting document for the rest of the release cycle.

  • Integrate automated static application security testing into the CI pipeline so it runs on every code commit during each sprint.

Cloud Application Security