ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

While designing a production Kubernetes cluster for a payment-processing platform, you must give operations staff access to the kube-api server and occasional SSH access to worker nodes. Policy states that management traffic must be isolated from customer workload traffic and continuously monitored. Which architectural choice BEST satisfies these requirements while honoring the principle of least privilege?

  • Keep management ports on the production network but restrict them with host-based firewall rules to specific administrator IP addresses.

  • Expose the Kubernetes dashboard on the existing public load balancer over TLS with client certificates for administrators.

  • Tunnel all management commands through the application's public REST API using HTTPS to avoid opening additional ports.

  • Place all management interfaces on a dedicated, isolated subnet reachable only through a hardened bastion host protected by multi-factor authentication.

Secure Software Architecture and Design