Exam 350-901 topic 1 question 256 discussion

Actual exam question from Cisco's 350-901
Question #: 256
Topic #: 1

Refer to the exhibit. A developer created a Python script to retrieve information about Meraki devices in a local network deployment. After requesting a security review of the code, the security analyst has observed poor secret storage practices. What is the appropriate secret storage approach?

  • A. Set an OS environment variable for MER_API_KEY to the API key before running the code and no longer set MER_API_KEY within the code.
  • B. Leverage an external secret vault to retrieve MER_API_KEY and set the vault key as an OS environment variable before running the code.
  • C. Set the Base64 encoded version of the API key as MER_API_KEY in the code and Base64 decode before using in the header.
  • D. Leverage an external secret vault to retrieve MER_API_KEY and embed the vault key as a new variable before running the code.
Suggested Answer: B

Comments

lznlxl
Highly Voted 1 year, 9 months ago
The answer should be B.
upvoted 17 times
MalonJay
1 year, 6 months ago
Correct
upvoted 2 times
AndyUK2022
9 months ago
Sneaky, but B doesn't specifically state to remove the key from the source code.
upvoted 1 times
whipmuffin
Highly Voted 1 year, 4 months ago
Selected Answer: B
The appropriate secret storage approach depends on the specific use case and the security requirements of the application. However, in general, it is recommended to use an external secret vault to store sensitive data such as API keys and passwords. This approach provides a secure way of storing secrets by encrypting them before storing them on disk. The vault can be accessed by applications to retrieve the secrets when required. Option A is not recommended as it requires setting the API key as an environment variable which can be accessed by other applications running on the same machine. Option C is also not recommended as it requires hardcoding the API key in the code which can be easily accessed by anyone with access to the code. Option D is better than option A and C but still requires embedding the vault key in the code which can be accessed by anyone with access to the code. Option B is recommended as it provides a secure way of storing secrets by encrypting them before storing them on disk. The vault key can be set as an environment variable before running the code and can be accessed by the application to retrieve the secrets when required.
upvoted 7 times
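
Option B as described in the comment above, sketched as an added example (not code from the exam exhibit or from any commenter): only the vault token is placed in the environment, and MER_API_KEY is fetched at run time. It assumes a HashiCorp Vault KV v2 HTTP endpoint; the secret path `secret/data/meraki`, the field name and the `fake_vault` stand-in are hypothetical.

```python
import json
import os
import urllib.request

SECRET_PATH = "secret/data/meraki"   # assumed KV v2 mount and path (hypothetical)
SECRET_FIELD = "MER_API_KEY"         # field name chosen to match the question


def _https_get(url, headers):
    """Default transport: GET a URL and return the decoded JSON body."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def load_meraki_key(env=os.environ, http_get=_https_get):
    """Fetch MER_API_KEY from the vault using a token taken from the environment."""
    addr = env.get("VAULT_ADDR", "")
    token = env.get("VAULT_TOKEN", "")
    if not token:
        raise RuntimeError("VAULT_TOKEN is not set; refusing to fall back to a hardcoded key")
    if not addr.startswith("https://"):
        raise RuntimeError("VAULT_ADDR must use https:// so token and secret are not sent in clear text")
    body = http_get(f"{addr.rstrip('/')}/v1/{SECRET_PATH}", {"X-Vault-Token": token})
    try:
        return body["data"]["data"][SECRET_FIELD]   # KV v2 nests the secret under data.data
    except (KeyError, TypeError):
        raise RuntimeError(f"vault response has no field {SECRET_FIELD!r}") from None


def meraki_headers(api_key):
    """Build the request headers; the key lives only in memory, never in source."""
    return {"X-Cisco-Meraki-API-Key": api_key, "Accept": "application/json"}


def fake_vault(url, headers):
    """Constructed stand-in for the vault so the example runs offline."""
    assert headers["X-Vault-Token"] == "s.constructed-token"
    return {"data": {"data": {"MER_API_KEY": "constructed-key-0000"}, "metadata": {"version": 1}}}


if __name__ == "__main__":
    demo_env = {"VAULT_ADDR": "https://vault.example.internal:8200",
                "VAULT_TOKEN": "s.constructed-token"}
    key = load_meraki_key(demo_env, fake_vault)
    print(sorted(meraki_headers(key)))   # print header names only, never the key
```
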
814d1c6
Most Recent 2 months, 1 week ago
Selected Answer: B
B is the most secure, A is also an option but not the most secure in this way.
upvoted 1 times
sasd
10 months, 3 weeks ago
Answer should be B, as D is incorrect: D. Leverage an external secret vault and embed the vault key as a new variable: Embedding the vault key as a new variable in the code can be a security risk, as it reintroduces the possibility of exposing sensitive information. It is generally preferable to keep the vault key separate from the application code.
upvoted 1 times
pedromarase
1 year, 9 months ago
Selected Answer: D
I go for D. Vaulting is the safest and it's nonsense to place it in an env variable
upvoted 5 times
kirrim
1 year ago
This one is subject to interpretation: "embed the vault key as a new variable before running the code" If that means pasting in the vault key as a variable directly in readable text in the code, then that's pretty much what was already done in the current code, and is insecure. But if the question writer intended this to mean taking a different approach, and fetching the vault key value from the vault at the top of the code and storing the result as a variable, and then using that variable in the code below, then that is absolutely more secure, and a better way to go. Since the fact that D is even written as an alternative choice to what was originally done, I'm going to go with the latter choice, and assume that's what they intended. So I agree with you, D is the best choice. But wow, that answer choice should have been written a little more clearly!
upvoted 1 times
jithin1234
1 year, 5 months ago
Embed the vault key as a new variable before running the code. This is a security risk, so B is correct.
upvoted 5 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other