ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your security team audits an Amazon EC2-based application that reads a YAML configuration file on each instance to obtain database credentials. Finding that the file is world-readable, they ask you to redesign the solution to maximize confidentiality and comply with the principle of least privilege. Which approach best satisfies both requirements without adding unnecessary components or complexity?
Hard-code the credentials in the application source code and use code obfuscation to prevent disclosure.
Store the credentials in AWS Secrets Manager and attach an instance IAM role that is limited to the GetSecretValue action for that specific secret.
Keep the credentials on disk but change the file permissions to 600 so only the root user can read it.
Upload the credentials to a private S3 bucket and grant the entire VPC permission to download the object through a VPC endpoint.
Moving the credentials out of the instance file system and into AWS Secrets Manager protects confidentiality by keeping the secret encrypted at rest and in transit. By attaching an instance profile (IAM role) that is allowed to perform only the GetSecretValue action on that single secret, the application receives exactly the permissions it needs (no more and no less), satisfying the principle of least privilege. Simply tightening on-instance file permissions still exposes the secret to anyone with root access, while placing the secret in a broadly accessible S3 bucket or hard-coding it in source code increases exposure and violates least-privilege goals.
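The following is an added example, not part of the practice question or of any AWS material. It writes out the IAM policy the explanation describes (one action, secretsmanager:GetSecretValue, on one secret ARN) and pairs it with a small checker that rejects the over-broad grants the other options amount to: wildcard actions, wildcard or extra resources, and NotAction/NotResource inversions. The account ID, region and secret ARN are constructed placeholders; no AWS call is made.

```python
"""Least-privilege instance-role policy for reading one Secrets Manager secret.

Added example (not from the practice question or AWS documentation). The ARN,
account ID and region are constructed placeholders.
"""
import json

# Constructed sample ARN; a real one comes from the secret's metadata in AWS.
SECRET_ARN = "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/app/db-AbCdEf"
ALLOWED_ACTION = "secretsmanager:GetSecretValue"

# Constructed over-broad policy: the kind of grant the explanation warns against.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "secretsmanager:*", "Resource": "*"}],
}


def build_instance_role_policy(secret_arn: str) -> dict:
    """Policy document for the instance profile's IAM role: one action, one resource."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ReadOneDatabaseSecret",
                "Effect": "Allow",
                "Action": ALLOWED_ACTION,
                "Resource": secret_arn,
            }
        ],
    }


def _as_list(value):
    """IAM lets Action/Resource be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_least_privilege_secret_policy(policy: dict, secret_arn: str) -> bool:
    """True only if every Allow statement grants exactly GetSecretValue on secret_arn.

    Rejects wildcard actions or resources, extra actions, extra resources and
    NotAction/NotResource (which invert the grant). Deny statements are ignored
    because they can only narrow access. At least one Allow must be present.
    """
    saw_allow = False
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        saw_allow = True
        if "NotAction" in stmt or "NotResource" in stmt:
            return False
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if actions != [ALLOWED_ACTION]:
            return False
        if any("*" in r for r in resources) or resources != [secret_arn]:
            return False
    return saw_allow


if __name__ == "__main__":
    good = build_instance_role_policy(SECRET_ARN)
    print(json.dumps(good, indent=2))
    print("least-privilege policy passes:", is_least_privilege_secret_policy(good, SECRET_ARN))
    print("broad policy passes:", is_least_privilege_secret_policy(BROAD_POLICY, SECRET_ARN))
```

Two practical caveats for anyone adapting this: Secrets Manager appends a random suffix to each secret's ARN, so teams often scope the resource to the name plus a suffix wildcard rather than the exact ARN; the checker above deliberately insists on the exact ARN and would need relaxing for that pattern. Also, if the secret is encrypted with a customer-managed KMS key rather than the default aws/secretsmanager key, the role additionally needs kms:Decrypt on that key, scoped to that key alone, which keeps the grant as narrow as the one shown here.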
ISC2 Systems Security Certified Practitioner (SSCP)
Security Concepts and Practices