Certificate of Cloud Security Knowledge (CCSK) — Question 136

What can be implemented to help with account granularity and limit blast radius with IaaS an PaaS?

Answer options

• A. Maintaining tight control of the primary account holder credentials
• B. Configuring secondary authentication
• C. Implementing least privilege accounts
• D. Establishing multiple accounts
• E. Configuring role-based authentication

Correct answer: D

Explanation

Establishing multiple accounts allows for better separation of resources and responsibilities, thereby reducing the impact of a compromised account, which directly addresses the need for account granularity and limiting blast radius. The other options, while important for security, do not provide the same level of isolation and control as managing multiple accounts does.