ISC2 Certified Cloud Security Professional (CCSP) Practice Question
During a cloud security assessment, you learn that a development team stores a production database connection string-including the clear-text password-in a Kubernetes ConfigMap that is mounted as an environment variable inside application containers. During testing, a tester who compromises a low-privileged pod can read the variable and use the password to dump the entire database. According to the OWASP Top-10 (2021), which vulnerability category does this issue MOST closely correspond to?
A01:2021 - Broken Access Control
A06:2021 - Vulnerable and Outdated Components
A02:2021 - Cryptographic Failures (formerly Sensitive Data Exposure)
The root problem is that a secret is stored in clear text (a plaintext environment variable retrieved from a non-encrypted ConfigMap). This represents a failure to protect sensitive data through proper encryption or secure secret storage. Under the OWASP Top-10 (2021), such shortcomings are classified as Cryptographic Failures (A02:2021), which covers inadequate protection of data at rest or in transit. While broken access control, security misconfiguration, and the use of outdated components can contribute to risk, the primary weakness exploited here is the absence of appropriate cryptographic protection for credentials.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is OWASP Top-10, and why is it important in cloud security?
Open an interactive chat with Bash
How do Cryptographic Failures affect cloud security?
Open an interactive chat with Bash
What secure practices can prevent storing sensitive data as clear-text in Kubernetes ConfigMaps?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .