Crucial Exams

ISC2 Certified Cloud Security Professional (CCSP) Practice Question

Your SaaS platform allows customers to upload short Python plugins that analyze their own datasets at runtime. Security policy states that

  • a plugin must never be able to touch the underlying host OS or another tenant's data,
  • the execution environment must be destroyed immediately after the plugin finishes, and
  • the solution must keep resource overhead low enough to support thousands of daily plugin runs. Which sandboxing approach best satisfies all three requirements?

  • Run plugins within a chroot jail inside the main application process, relying on file permissions for separation.

  • Create a dedicated virtual machine for every plugin execution and keep it powered on for 24 hours before re-use to amortize costs.

  • Launch each plugin in an ephemeral container that uses Linux namespaces, cgroups, and a seccomp profile to restrict system calls.

  • Place the analysis service in a private subnet with egress blocked and keep all plugins running under the same host user account.

ISC2 Certified Cloud Security Professional (CCSP)
Cloud Application Security
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot