ISC2 Certified Cloud Security Professional (CCSP) Practice Question

Your company is integrating with a cloud provider's RESTful management API to automate user provisioning. The integration uses OAuth tokens sent over TLS. Penetration testers demonstrate that by modifying the URI parameters they can enumerate and read records belonging to other tenants because the API fails to perform proper authorization checks after authentication. Which cloud-specific threat category does this vulnerability BEST exemplify?

  • Insecure or insufficiently protected application programming interfaces

  • Malicious insider planting cryptomining malware in shared workloads

  • Supply-chain compromise of the provider's underlying hardware firmware

  • Hypervisor breakout that allows a guest VM to access the host

ISC2 Certified Cloud Security Professional (CCSP)
Cloud Concepts, Architecture and Design