Crucial Exams

ISC2 Certified Cloud Security Professional (CCSP) Practice Question

A SaaS provider discovers that attackers cloned its public Git repository, copied a database connection string embedded in a Python script, and used the credentials to log in to the cloud-hosted production database. Which common cloud application security pitfall most directly enabled this breach, and what developer practice would have best prevented it?

  • Configuring overly permissive Cross-Origin Resource Sharing (CORS) headers; developers should restrict allowed origins to trusted domains only.

  • Including hard-coded credentials in source code; instead, store secrets in a managed secrets vault and inject them securely at runtime.

  • Failing to validate user input on the server side; developers should sanitize all client-supplied data before database queries.

  • Deploying unsigned container images; developers should enforce image signing and verification in the CI/CD pipeline.

ISC2 Certified Cloud Security Professional (CCSP)
Cloud Application Security
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot