Crucial Exams

ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

During a security review of your organization's automated build pipeline, you must recommend a control that most directly reduces the risk that malicious code or tooling can persist in the build environment and infect subsequent releases. Which approach BEST addresses this threat?

  • Spin up isolated, ephemeral build servers from a hardened, trusted image for every build and terminate them when the job completes.

  • Require all developers to sign Git commits with personal PGP keys before pushing to the central repository.

  • Perform vulnerability scanning of production servers on a monthly schedule and patch promptly.

  • Apply role-based access control to the cloud management console while continuing to use long-lived shared build servers.

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Supply Chain
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot