ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
During an architectural risk assessment of a new microservices-based e-commerce platform, you notice that every service connects to the same relational database through a single, highly privileged service account, and only the API gateway enforces authentication. Which architectural change will best correct the violation of the least-privilege principle and limit lateral movement if one service is compromised?
Keep the shared account but add a centralized connection pool at the gateway to manage database sessions more efficiently.
Deploy a network intrusion detection system between the API gateway and database to spot suspicious queries from services.
Give every microservice a separate database schema and credentials limited to its required tables and operations.
Move authentication from the API gateway into each microservice while continuing to use the shared privileged database account.
Using one high-privilege account shared by all services violates the least-privilege principle and allows any compromised service to access or modify the entire data set. Assigning each microservice its own database credentials, constrained to just the data and actions it needs, enforces least privilege and prevents a breach in one service from automatically granting broad database access. Moving authentication logic or adding IDS/WAF capabilities may improve security in other ways, but they do not remove the excessive privileges granted by the shared account. Connection pooling improves performance, not privilege separation.
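As an added illustration (not part of the original question or the exam provider's material), the shared-account setup beside a per-service grant set, written in PostgreSQL syntax; the schema, table, role names and the `REPLACE_ME` passwords are assumptions for the example only:

```sql
-- Added example: assumed e-commerce schemas and service roles (PostgreSQL syntax).

-- BEFORE: one account with full rights, shared by every microservice.
-- A compromise of any single service yields read/write over the entire database.
CREATE ROLE shop_app LOGIN PASSWORD 'REPLACE_ME';
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO shop_app;

-- AFTER: one schema and one login role per service, scoped to what it needs.
CREATE SCHEMA catalog;
CREATE SCHEMA orders;
CREATE TABLE catalog.product (id serial PRIMARY KEY, name text NOT NULL, price numeric NOT NULL);
CREATE TABLE orders.purchase (id serial PRIMARY KEY, product_id int NOT NULL, qty int NOT NULL);
-- Read-only projection so the orders service never sees the whole product table.
CREATE VIEW catalog.product_price AS SELECT id, price FROM catalog.product;

CREATE ROLE catalog_svc LOGIN PASSWORD 'REPLACE_ME';  -- placeholder; issue from a secrets manager
CREATE ROLE orders_svc  LOGIN PASSWORD 'REPLACE_ME';  -- placeholder; issue from a secrets manager

-- Remove the default catch-all so neither role can reach unrelated tables.
REVOKE ALL ON SCHEMA public FROM PUBLIC;
REVOKE ALL ON SCHEMA public FROM catalog_svc, orders_svc;

-- Catalog service: read-only on its own schema, nothing else.
GRANT USAGE ON SCHEMA catalog TO catalog_svc;
GRANT SELECT ON ALL TABLES IN SCHEMA catalog TO catalog_svc;
ALTER DEFAULT PRIVILEGES IN SCHEMA catalog GRANT SELECT ON TABLES TO catalog_svc;

-- Orders service: may create and update orders but never delete them,
-- and sees only the price view from the catalog schema.
GRANT USAGE ON SCHEMA orders TO orders_svc;
GRANT SELECT, INSERT, UPDATE ON ALL TABLES IN SCHEMA orders TO orders_svc;
GRANT USAGE ON ALL SEQUENCES IN SCHEMA orders TO orders_svc;  -- serial ids need the sequence
ALTER DEFAULT PRIVILEGES IN SCHEMA orders
  GRANT SELECT, INSERT, UPDATE ON TABLES TO orders_svc;
GRANT USAGE ON SCHEMA catalog TO orders_svc;
GRANT SELECT ON catalog.product_price TO orders_svc;

-- Verification query for the assessment: what can each service role actually do?
-- Any row outside the service's own schema (or beyond the price view) is a finding.
SELECT grantee, table_schema, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee IN ('catalog_svc', 'orders_svc')
ORDER BY grantee, table_schema, table_name;
```

The final query is the check a reviewer would rerun after every schema change, since new tables inherit only what the default-privileges rules grant.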
Secure Software Architecture and Design