GIAC GCSA Sample Questions & Practice Test

Try 12 GIAC Cloud Security Automation (GCSA) sample questions and practice-test preview prompts on infrastructure-as-code scanning, CI/CD gates, secrets management, policy as code, automated remediation, and evidence.

GIAC Cloud Security Automation (GCSA) is a cloud-security automation route for candidates who use infrastructure-as-code, CI/CD controls, policy-as-code, automated evidence, secrets management, and remediation workflows to improve security at scale.

Use this page to preview the kind of automation decisions a GCSA practice route should test. The questions below are original IT Mastery sample questions, not official GIAC exam questions.

What this route should test

  • using automation to prevent, detect, and remediate cloud misconfiguration
  • applying policy-as-code and CI/CD gates without blocking every safe delivery path
  • protecting secrets, identities, and automation runners
  • producing useful evidence for review, incident response, and governance

Sample Exam Questions

Question 1

Topic: infrastructure-as-code scanning

A team wants to catch public storage buckets before deployment. Where should the control run?

  • A. Only after a breach report
  • B. In an annual architecture meeting only
  • C. In the CI/CD workflow or pull-request process with policy checks before deployment
  • D. On a developer’s memory of the standard

Best answer: C

Explanation: IaC scanning is most useful before misconfigurations reach production. Pull-request and pipeline checks provide early feedback.


Question 2

Topic: CI/CD gates

A policy gate blocks every deployment when any low-severity warning appears. What is the best improvement?

  • A. Remove all gates permanently
  • B. Let developers bypass all security controls
  • C. Hide warnings in logs
  • D. Tune gates by severity, risk, exception workflow, and environment so critical issues stop release while lower-risk findings are triaged

Best answer: D

Explanation: Gates should be risk-based. Overly broad blocking creates friction and encourages bypasses; tuned gates preserve delivery and control.


Question 3

Topic: secrets management

A pipeline stores long-lived cloud administrator keys as plain environment variables. What should be changed?

  • A. Use a managed secrets system or workload identity, rotate exposed keys, scope permissions, and audit access
  • B. Rename the variables
  • C. Add the keys to documentation
  • D. Disable pipeline logs only

Best answer: A

Explanation: Automation secrets need strong storage, scoped access, rotation, and auditing. Long-lived broad keys create high compromise risk.


Question 4

Topic: cloud automation

An automated job remediates public security groups by deleting rules immediately. What risk must be considered?

  • A. Automation always makes changes safely
  • B. Remediation can break production if context, approval, exception handling, and rollback are not designed
  • C. Public rules are never risky
  • D. Manual review is illegal

Best answer: B

Explanation: Automated remediation can reduce exposure but must include safeguards. Context, approvals, exceptions, and rollback matter.


Question 5

Topic: policy as code

What is the main advantage of policy-as-code for cloud security?

  • A. It makes security rules versioned, testable, reviewable, and repeatable across environments
  • B. It eliminates the need for human review
  • C. It guarantees no future misconfiguration
  • D. It works only for physical data centers

Best answer: A

Explanation: Policy-as-code improves consistency and reviewability. It does not replace governance or guarantee perfect security.


Question 6

Topic: remediation workflow

A posture tool finds unencrypted storage across many accounts. What should automated remediation include?

  • A. Immediate deletion of all storage resources
  • B. Silent changes with no owner notification
  • C. No evidence capture
  • D. Owner notification, safe remediation steps, exception handling, evidence logging, and verification

Best answer: D

Explanation: Remediation should correct risk while preserving accountability and avoiding unnecessary disruption. Verification proves the fix worked.


Question 7

Topic: identity automation

A script creates cloud roles for new projects. What should be built into the automation?

  • A. Least-privilege role templates, approval or review where needed, naming standards, and audit evidence
  • B. Administrator access for every new role
  • C. Shared static credentials for all projects
  • D. No logs because automation is trusted

Best answer: A

Explanation: Identity automation should encode least privilege and governance. It should create reviewable evidence rather than hidden privilege growth.


Question 8

Topic: container scanning

A build pipeline scans container images but allows deployment even when critical exploitable vulnerabilities are found. What should be improved?

  • A. Disable scanning
  • B. Add risk-based fail conditions, exception workflow, and remediation guidance for critical findings
  • C. Move findings to a private spreadsheet only
  • D. Ignore base-image updates

Best answer: B

Explanation: Scanning must influence decisions. Critical exploitable findings should have clear gates, exceptions, and remediation paths.


Question 9

Topic: drift detection

An engineer manually changes a production cloud resource outside the approved IaC process. Which control helps detect this?

  • A. Drift detection that compares deployed resources to approved configuration state
  • B. Longer resource names only
  • C. Disabling change logs
  • D. Using one shared administrator account

Best answer: A

Explanation: Drift detection identifies configuration changes that diverge from approved state. It supports investigation and reconciliation.


Question 10

Topic: least privilege

An automation runner deploys one application but has permissions across every cloud account. What is the best correction?

  • A. Give the runner root access
  • B. Store runner credentials in source code
  • C. Disable deployment logs
  • D. Scope the runner identity to required environments and actions, and separate duties where needed

Best answer: D

Explanation: Automation identities should be scoped like human identities. Broad runner privileges can turn a pipeline compromise into cloud-wide compromise.


Question 11

Topic: incident playbooks

How can automation support cloud incident response?

  • A. Collect evidence, snapshot resources where appropriate, isolate affected assets, rotate credentials, and preserve audit trails through approved playbooks
  • B. Delete all logs automatically
  • C. Disable identity controls during incidents
  • D. Make public changes without approval

Best answer: A

Explanation: Response automation should speed repeatable actions while preserving evidence and governance. Destructive automation without approval is risky.


Question 12

Topic: evidence

Why should automated security workflows store decision evidence?

  • A. Evidence makes controls unnecessary
  • B. Evidence supports review, audit, troubleshooting, incident analysis, and tuning of future automation
  • C. Evidence should never be available to reviewers
  • D. Evidence proves every finding is correct

Best answer: B

Explanation: Evidence makes automated decisions inspectable. It supports governance and helps teams improve rules over time.

Quick readiness checklist

If you miss…             Drill this next
pipeline questions       CI/CD gates, severity thresholds, and exceptions
IaC questions            scanning, policy-as-code, drift detection, and review workflow
secrets questions        vaulting, workload identity, rotation, and auditability
remediation questions    owner notification, rollback, evidence, and verification

Revised on Monday, May 18, 2026