ISC2 Certified Cloud Security Professional (CCSP) Practice Question
Your team is moving a three-tier web application to a public IaaS cloud. To satisfy PCI-DSS, you must be able to record every SQL statement executed against the provider-managed database service and generate alerts when an administrator attempts to access card-holder tables outside of approved change windows. Application code changes are not allowed. Which supplemental security component should you recommend to meet this requirement?
API gateway with rate-limiting and authentication policies
XML firewall deployed at the service bus
Database Activity Monitoring (DAM) service
Web Application Firewall positioned in front of the web tier
Database Activity Monitoring (DAM) tools sit between applications and the database (or tap the database audit stream) to capture, log, and analyze every query in real time. They can raise alerts on policy violations such as off-hours administrator access to sensitive tables, providing the detailed auditing required by regulations like PCI-DSS.
A Web Application Firewall focuses on HTTP traffic and blocks injection attacks but cannot see activity occurring inside the database once a query is accepted. An XML firewall validates and secures SOAP/XML messages and is irrelevant to a relational PCI workload. An API gateway secures REST/JSON APIs; it does not natively monitor low-level SQL traffic inside a managed database service. Therefore, DAM is the only option that fulfills the stated logging and alerting requirement without modifying the application.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Database Activity Monitoring (DAM) and how does it work?
Open an interactive chat with Bash
What is PCI-DSS, and how does it relate to managing databases in the cloud?
Open an interactive chat with Bash
Why can't alternatives like Web Application Firewalls or API Gateways replace DAM in this scenario?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .