Certificate of Cloud Security Knowledge (CCSK) — Question 195

How can you reduce the blast radius if an attacker compromises one system?

Answer options

• A. Configure distinct firewall rules
• B. Configure applications on distinct virtual networks only connecting where needed
• C. Configure role-based access controls
• D. Configure a default deny
• E. Use different cloud providers

Correct answer: B

Explanation

The correct answer, B, ensures that applications are segmented into isolated virtual networks, limiting an attacker's ability to move laterally. While options A, C, and D enhance security, they do not create the necessary isolation that B provides. Option E, while it can be beneficial, does not directly address the blast radius of a compromised system.