Crucial Exams

ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

Your team is automating cloud infrastructure deployment with Terraform in a CI/CD pipeline. Static cloud-provider API keys are currently committed to the source repository. To comply with secure automated provisioning requirements, which action is most appropriate before the next release?

  • Create a dedicated IAM user with permanent access keys and restrict repository access to infrastructure engineers only.

  • Embed the keys inside Terraform modules but require peer reviews before merging into the main branch.

  • Commit the keys as base64-encoded variables so they are not readable in plain text.

  • Configure the pipeline to request temporary, short-lived cloud credentials from a trusted secrets or identity service at runtime instead of storing permanent keys.

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Deployment, Operations, Maintenance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot