CV0-002 Question #596: Real Exam Question with Answer & Explanation

The correct answer is A: Create four users and use their credentials in the application. For a multi-tier application requiring ACL policies for cloud services, creating distinct service identities for each tier offers the most efficient and secure way to manage permissions.

Security

Question

A company is deploying a new public cloud, multi-tier application and needs to set ACL policies to grant permissions to the cloud provider's services on which the application depends. Each tier in the application depends on a number of services: Which of the following is the MOST efficient, while providing a secure and functioning application?

Exhibit

[Image: CV0-002 question #596 exhibit]

Options

  • A. Create four users and use their credentials in the application.
  • B. Create a unique policy for each application tier.
  • C. Create a policy for the application and grant access to A, B, and C.
  • D. Create three policies, one for each unique dependency scenario.

Explanation

For a multi-tier application requiring ACL policies for cloud services, creating distinct service identities for each tier offers the most efficient and secure way to manage permissions.

Common mistakes.

  • B. Simply creating policies is insufficient; these policies must be attached to an identity (user, role, or group) that the application tier can assume to gain permissions, making this an incomplete solution.
  • C. Creating a single, broad policy for the entire application violates the principle of least privilege, granting unnecessary permissions to components that don't require them and thus increasing the security risk.
  • D. Similar to option B, creating policies alone is incomplete; they must be associated with specific identities that the application uses to interact with services to be effective.

Concept tested. Cloud IAM Principle of Least Privilege with Service Identities

Reference. https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege

Topics

#IAM policies, #least privilege, #service accounts, #application security
