A team is deploying ephemeral code in a multi-tenant setup to process files containing sensitive details. Which preparation best enhances data security and limits exposure to other tenants?
Grant wide-ranging access privileges to the ephemeral code
Save incoming files as plain data in a shared storage area
Apply a single shared encryption key for every code deployment
Assign a designated identity with tightly scoped permissions to this ephemeral code
Ephemeral code, especially in multi-tenant environments, should operate under the principle of least privilege using narrowly scoped identities. This reduces the risk of unauthorized lateral access or accidental exposure of sensitive data to other tenants. Storing unencrypted data or granting broad permissions increases attack surface area. Likewise, reusing shared encryption keys across deployments introduces cryptographic risk by enabling key compromise to affect all related sessions. The best practice is to tightly bind access permissions to minimal operational needs and isolate identity usage per deployment.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.