ISC2 Certified Cloud Security Professional (CCSP) Practice Question
Your company is building a hybrid cloud environment on AWS, Azure, and Google Cloud. Security policy bans storing permanent access keys on administrator laptops. You are preparing a hardened Linux jump host and must install and configure multi-cloud management tooling that honors the policy while still allowing command-line administration of all three platforms. Which approach best meets these requirements?
Use a third-party multi-cloud GUI that aggregates all platforms and keeps each cloud's root API keys in an encrypted file on the jump host.
Install the official AWS CLI, Azure CLI, and Google Cloud SDK, configuring each to use identity-federated single sign-on so short-lived tokens are obtained instead of storing long-term credentials.
Access every cloud through its web console over HTTPS and enable the browser to remember the necessary usernames and passwords.
SSH directly into the underlying hypervisor hosts in each provider's data center and manage resources with vendor-specific command sets.
Installing each provider's official command-line interface (CLI) and integrating them with an identity-federation or single-sign-on solution lets administrators obtain short-lived, just-in-time access tokens whenever they start a session. The CLIs cache the tokens only in memory (or in time-limited credential files) and automatically refresh them, eliminating the need to store long-lived secret keys on the jump host. Relying on web consoles with saved passwords still stores static credentials locally, while third-party aggregators that keep root API keys or direct SSH access to cloud hypervisors both violate the policy and, in most public clouds, are not operationally feasible or secure. Therefore, using each cloud provider's native CLI with federated SSO is the most secure and compliant choice.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is identity-federated Single Sign-On (SSO)?
Open an interactive chat with Bash
How do short-lived tokens improve security in multi-cloud environments?
Open an interactive chat with Bash
Why are native CLI tools preferred over third-party aggregators for cloud management?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Security Operations
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .