ISC2 Certified Cloud Security Professional (CCSP) Practice Question
Your organization is decomposing a monolithic application into containerized microservices hosted on a managed Kubernetes service. Security policy mandates that external clients must never talk directly to individual microservices. The chosen control must also provide centralized authentication, rate limiting, and protocol translation (for example, HTTP/JSON to gRPC) while exposing a single public endpoint. Which supplemental security component best satisfies these requirements?
API gateway in front of the microservices
Service-mesh sidecar proxies on each microservice pod
Database activity monitoring (DAM) appliance
Web application firewall (WAF) protecting the cluster ingress
An API gateway is designed to sit in front of a collection of services and act as a single ingress point. It can enforce authentication and authorization, apply rate-limiting and throttling policies, perform protocol or message transformation, and route requests to the appropriate backend microservice, thereby preventing direct external access to each service.
A web application firewall focuses on inspecting traffic for attack patterns such as SQL injection but does not inherently provide routing, transformation, or aggregation features. A service-mesh sidecar proxy secures and observes east-west (service-to-service) traffic inside the cluster, not north-south access from external clients. Database activity monitoring solutions operate at the data layer, monitoring queries and responses, and cannot serve as an ingress gateway. Therefore, the API gateway is the appropriate architectural component for the stated requirements.
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Application Security