ISC2 Certified Cloud Security Professional (CCSP) Practice Question
Your DevOps team is preparing to deploy a new customer-facing SaaS application on a public cloud. A container image pulled from a public registry includes a cryptographic library released under the GNU Affero General Public License (AGPL). Management insists that all proprietary application code must remain closed source after deployment. Which action is the most appropriate way to address this third-party licensing risk without delaying the release?
Replace the AGPL-licensed library with a functionally equivalent component released under a permissive license such as MIT or Apache 2.0.
Negotiate a private fork of the AGPL library under a nondisclosure agreement and proceed without any further changes.
Keep the AGPL component and meet the license terms by releasing the entire SaaS application's source code to all users.
Continue using the AGPL library because its obligations apply only when software binaries are distributed, not when accessed as a service.
The AGPL extends copyleft obligations to software offered as a network service: anyone who interacts with the software over the network must be given access to the full corresponding source code. Keeping the rest of the SaaS application proprietary would therefore violate the license if the AGPL component remains. Replacing the component with one under a permissive license (e.g., MIT or Apache 2.0) removes the copyleft requirement and satisfies business objectives with minimal architectural change or delay. Simply proceeding under the assumption that network use is exempt is incorrect, because the AGPL specifically closes that loophole. Publishing all of the application's source would satisfy the license but conflicts with the mandate to keep the code closed. Obtaining a private fork under NDA does not override the public license unless the vendor offers a separate commercial license, which was not indicated.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are copyleft obligations in licensing?
Open an interactive chat with Bash
What is the difference between permissive licenses and copyleft licenses?
Open an interactive chat with Bash
Why is the AGPL considered stricter than the standard GPL license?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .