ISC2 Certified Cloud Security Professional (CCSP) Practice Question

During a post-deployment penetration test of a newly launched SaaS application hosted in a public IaaS environment, testers exploited a feature that lets users supply external image URLs. By abusing the feature, they performed server-side request forgery (SSRF) and retrieved temporary access tokens from the instance metadata service at 169.254.169.254. You are creating a developer awareness session based on the test findings. Which single guideline would most directly prevent a recurrence of this vulnerability in future releases?

  • Run static code analysis before each release to detect any hard-coded credentials in the source repository.

  • Enforce output encoding on every response to the client to block reflected scripting attacks.

  • Implement strict allow-lists for outbound requests in the image-fetch function and apply network egress filtering to block access to internal metadata endpoints.

  • Require the use of parameterized SQL statements for all database queries.
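The allow-list guideline from the scenario, as an added example that is not part of the question set: a Python validator for the image-fetch function that accepts only https URLs to allow-listed hosts and rejects any destination resolving into private or link-local space (which covers the metadata service at 169.254.169.254). The `allowed_hosts` set and the injectable `resolve` hook are assumptions for illustration; network egress filtering remains the second, independent layer.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Destinations an image fetcher should never reach. 169.254.0.0/16 is the
# link-local range that hosts the cloud instance metadata service.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "::1/128", "fc00::/7", "fe80::/10",
)]


def _default_resolve(host):
    """Network-dependent default: every A/AAAA record for host."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_blocked_ip(ip_text):
    """True if the address falls in a private, loopback or link-local range."""
    addr = ipaddress.ip_address(ip_text)
    # ::ffff:169.254.169.254 is still the metadata service; unmap it first.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETWORKS)


def validate_image_url(url, allowed_hosts, resolve=_default_resolve):
    """Return (ok, reason). Only https URLs to allow-listed hosts whose every
    resolved address is public pass. The caller should connect to the
    addresses it validated rather than re-resolve, so a rebinding DNS answer
    cannot swap in an internal address after the check."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "scheme not allowed"
    host = parts.hostname
    if host is None or host.lower() not in allowed_hosts:
        return False, "host not in allow-list"   # raw IP literals fail here too
    try:
        if parts.port not in (None, 443):
            return False, "port not allowed"
        addrs = resolve(host)
    except (ValueError, OSError):
        return False, "unparseable port or resolution failed"
    if not addrs or any(is_blocked_ip(a) for a in addrs):
        return False, "resolves to an internal or link-local address"
    return True, "ok"
```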

Cloud Application Security