ISC2 Certified Cloud Security Professional (CCSP) Practice Question

Your organization runs a multi-tenant SaaS platform in a public cloud. The DevOps team built a CI/CD pipeline that automatically deploys containers to production. A recent incident showed that long-lived IAM user keys hard-coded in the pipeline were leaked, allowing attackers to spin up rogue instances. To reduce the blast radius while still enabling automated deployments, which control provides the MOST effective mitigation?

  • Restrict the IAM user keys to the DevOps group and rotate them every 90 days.

  • Encrypt the existing IAM user keys with the cloud KMS service and store the ciphertext in the pipeline configuration.

  • Move the IAM user keys into environment variables defined in the Dockerfile so they are not visible in the code repository.

  • Use a secrets-management service that issues short-lived, single-use deployment credentials to the pipeline at run time and revokes them after completion.

ISC2 Certified Cloud Security Professional (CCSP)
Cloud Concepts, Architecture and Design