ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

Your DevOps team is preparing to containerize a new application. To satisfy corporate secure-configuration policy, every container must begin from an approved baseline security configuration. Which practice best fulfills the definition of a baseline security configuration for these containers?

  • Build all containers from a centrally maintained, hardened golden image stored in version control and update it only through a formal change process.

  • Rely on a host-based intrusion detection system inside containers to spot and block malicious activity at runtime.

  • Include root SSH access enabled in the base image and instruct teams to disable it manually in production stages.

  • Allow each developer to craft images independently, provided an automated vulnerability scan is run before release.

Secure Software Implementation