ISC2 Certified Cloud Security Professional (CCSP) Practice Question

During a security review of a cloud-native SaaS application, you discover that outdated open-source libraries are still being introduced into production even though static application security testing (SAST) and dynamic application security testing (DAST) already run in the CI/CD pipeline. Corporate policy mandates the use of only verified, secure software. Which additional control should the security team integrate into the build process to MOST effectively detect and block vulnerable third-party components before deployment?

  • Deploy a web application firewall in front of the SaaS platform to filter OWASP Top-10 attacks at runtime.

  • Require all developers to cryptographically sign their Git commits with personal SSH keys.

  • Enable multi-factor authentication on the container registry used by the pipeline.

  • Integrate Software Composition Analysis (SCA) to automatically inventory dependencies and block builds that include components with known vulnerabilities or unacceptable licenses.
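The correct option describes an SCA gate: inventory every third-party component the build pulls in, compare the pinned versions against an advisory feed, check licenses against policy, and fail the pipeline stage on a match. The script below is an added illustration of that logic, not code from ISC2 or from any SCA product. It assumes a pip-style lockfile (`name==version`), advisory records loosely shaped like OSV introduced/fixed ranges, and a deny list of SPDX license identifiers; the lockfile, advisory IDs (`EXAMPLE-000x`), the `reportgen` package and the license inventory are all constructed for the example.

```python
"""Added example: a minimal Software Composition Analysis gate for CI.

Inventories pinned dependencies from a lockfile, matches them against an
advisory list, checks licenses against a deny list, and reports whether the
build may proceed. All sample data below is constructed for illustration.
"""
from dataclasses import dataclass

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed lockfile in pip "name==version" form (not from any real project).
SAMPLE_LOCKFILE = """\
# pinned runtime dependencies
requests==2.19.0
urllib3==2.0.5

pyyaml==5.1
reportgen==1.0
"""

# Constructed advisory records, loosely shaped like OSV "introduced"/"fixed"
# ranges. The IDs are placeholders, not real CVE or GHSA identifiers.
SAMPLE_ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "requests", "introduced": "0", "fixed": "2.20.0", "severity": "HIGH"},
    {"id": "EXAMPLE-0002", "package": "pyyaml", "introduced": "0", "fixed": "5.4", "severity": "CRITICAL"},
    {"id": "EXAMPLE-0003", "package": "urllib3", "introduced": "2.0.0", "fixed": "2.0.7", "severity": "MEDIUM"},
]

# Constructed license inventory; "reportgen" is a made-up package.
SAMPLE_LICENSES = {"requests": "Apache-2.0", "urllib3": "MIT", "pyyaml": "MIT", "reportgen": "AGPL-3.0-only"}
DENIED_LICENSES = {"GPL-3.0-only", "AGPL-3.0-only"}


@dataclass
class Finding:
    package: str
    version: str
    reason: str      # advisory ID, or "license:<SPDX id>"
    severity: str    # advisory severity, or "POLICY" for license violations
    blocking: bool   # True if this finding alone should fail the build


def parse_lockfile(text: str) -> dict[str, str]:
    """Return {package: version} from 'name==version' lines; skip comments and blanks."""
    deps = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, version = line.partition("==")
        if not version:
            # A floating version cannot be inventoried, so the gate refuses it outright.
            raise ValueError(f"unpinned dependency: {line!r}")
        deps[name.strip().lower()] = version.strip()
    return deps


def version_key(version: str) -> tuple[int, ...]:
    """Dotted-numeric versions only (e.g. '2.0.7'); enough for this illustration."""
    return tuple(int(part) for part in version.split("."))


def is_affected(version: str, advisory: dict) -> bool:
    """Affected when introduced <= version < fixed (the fixed version itself is safe)."""
    v = version_key(version)
    return version_key(advisory["introduced"]) <= v < version_key(advisory["fixed"])


def evaluate(deps, advisories, licenses, min_severity, denied_licenses) -> list[Finding]:
    """One Finding per matching advisory or denied license; blocking depends on the threshold."""
    threshold = SEVERITY_RANK[min_severity]
    findings = []
    for name, version in deps.items():
        for adv in advisories:
            if adv["package"] == name and is_affected(version, adv):
                sev = adv["severity"]
                findings.append(Finding(name, version, adv["id"], sev, SEVERITY_RANK[sev] >= threshold))
        lic = licenses.get(name, "UNKNOWN")
        if lic in denied_licenses:
            findings.append(Finding(name, version, f"license:{lic}", "POLICY", True))
    return findings


def build_allowed(findings) -> bool:
    """The stage passes only if no finding is blocking."""
    return not any(f.blocking for f in findings)


if __name__ == "__main__":
    deps = parse_lockfile(SAMPLE_LOCKFILE)
    results = evaluate(deps, SAMPLE_ADVISORIES, SAMPLE_LICENSES, "HIGH", DENIED_LICENSES)
    for f in results:
        print(f"{'BLOCK' if f.blocking else 'WARN '} {f.package}=={f.version} {f.reason} ({f.severity})")
    # A non-zero exit code is what actually stops the CI/CD stage.
    raise SystemExit(0 if build_allowed(results) else 1)
```

Run as a pipeline step, the non-zero exit is the "block" half of the control; the MEDIUM urllib3 finding is reported but does not fail the build at a HIGH threshold, while the AGPL license hit fails it regardless of severity. In a real pipeline the advisory and license data would come from the SCA tool's own database or a feed such as OSV rather than an inline list, and version handling would need a full PEP 440 comparator instead of the dotted-numeric shortcut used here.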

Cloud Application Security