ISC2 Certified Cloud Security Professional (CCSP) Practice Question

Your organization recently moved its CI/CD pipelines to a public cloud service. Build jobs compile container images and then push them to a managed registry by using an access token that is currently declared as a plain-text environment variable in the pipeline definition YAML stored in a shared Git repository. From a DevOps security perspective, which action should be taken first to reduce the likelihood of credential leakage during code review or repository compromise?

  • Store the registry access token in the platform's secrets-management service and reference it at runtime instead of keeping it in plain text.

  • Add a static application security testing (SAST) stage to the pipeline to catch code-level vulnerabilities before deployment.

  • Require two developers to approve every pull request before merging into the main branch.

  • Introduce blue/green deployments so that releases can be rolled back quickly if a credential leak is detected.

Cloud Concepts, Architecture and Design