The correct option is Using a single shared engineering login for all developers.

This practice is least effective because it removes individual accountability and prevents accurate auditing of actions in the SDLC. Shared credentials make it difficult to trace who made specific changes and they increase the risk of credential compromise. They also work against strong controls like unique identities, multifactor authentication, and role based access which are important for secure development workflows.

Integrating automated security scans into the CI CD pipeline is not correct because automated scans help find vulnerabilities early in the development process and they enable a shift left approach. Scans such as static analysis, dependency checks, and dynamic tests reduce the chance of defects reaching production.

Granting developers and operators only the minimum permissions they need is not correct because the principle of least privilege reduces the attack surface and limits the blast radius of any compromised account. Limiting permissions is a foundational access control practice for securing an SDLC.

Providing regular hands on security training for the development team is not correct because training increases secure coding skills and awareness of common threats. Practical exercises help developers apply security controls and reduce the likelihood of introducing vulnerabilities.

Full AWS Practitioner Certification Question