ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
During architecture definition for a healthcare SaaS, your threat modeling shows a high likelihood of data exfiltration through stolen API keys and only a moderate risk of denial-of-service attacks. Budget allows implementing just one new control in the near term. Which control should you prioritize to most effectively reduce overall risk?
Implement multi-region failover capabilities to maintain service availability during attacks.
Deploy a privileged access management platform to rotate, store, and monitor API credentials.
Enable transparent database encryption with AES-256 to protect data at rest.
Enforce server-side rate limiting and auto-scaling to absorb traffic surges.
Security controls must be selected and ordered according to the magnitude of the risks they mitigate. In this scenario, loss of API credentials is assessed as having both high likelihood and severe impact, because it can lead directly to unauthorized disclosure of electronic protected health information (ePHI), a primary confidentiality concern under regulations such as HIPAA. Deploying a privileged access management (PAM) solution that centrally stores, rotates, and audits API secrets directly addresses the highest-ranked risk by reducing the chance that compromised credentials can be reused or remain undetected. While rate limiting, encryption at rest, and multi-region failover are valuable, they primarily address availability threats or limit damage after data is already stolen; transparent encryption at rest in particular offers no protection against an attacker presenting valid API credentials, since the application decrypts the data on their behalf. Therefore, prioritizing strong credential governance through PAM provides the greatest immediate risk reduction.