A penetration tester uncovers access keys within an organization's source code management solution. Which of the following would BEST address the issue? (Choose two.)
A. Setting up a secret management solution for all items in the source code management system
B. Implementing role-based access control on the source code management system
C. Configuring multifactor authentication on the source code management system
D. Leveraging a solution to scan for other similar instances in the source code management system
E. Developing a secure software development life cycle process for committing code to the source code management system
F. Creating a trigger that will prevent developers from including passwords in the source code management system
A. Setting up a secret management solution for all items in the source code management system and
E. Developing a secure software development life cycle process for committing code to the source code management system. A secret management solution will ensure that the access keys are securely stored and not accidentally exposed. Additionally, a secure software development life cycle process will help ensure that items such as access keys are not added to the source code management system in the first place. The other options will also help to secure the source code management system, but will not address the issue of the exposed access keys directly.
What a ridiculous question, irl the tester could recommend all of these and prioritise them. CompTIA expects every company to act the same way, this question is written with the purpose of failing students and conning them into buying another test.
A. Setting up a secret management solution for all items in the source code management system:
• A secret management solution ensures that sensitive information such as access keys, passwords, and tokens are stored securely and managed properly. This prevents such secrets from being hard-coded in the source code, thereby enhancing security.
D. Leveraging a solution to scan for other similar instances in the source code management system:
• Using a scanning solution to identify and flag instances where secrets like access keys are embedded in the source code helps in identifying existing vulnerabilities and preventing new ones. This proactive measure helps in maintaining a secure codebase by continuously monitoring for such issues.
Not C. Configuring multifactor authentication on the source code management system:
• Multifactor authentication (MFA) enhances the security of access to the source code management system but does not resolve the problem of secrets being embedded in the source code.
B. RBAC restricts access to specific parts of the codebase based on a user's role
D. A scanning tool can efficiently identify all occurrences of access keys within the codebase.
Setting up a secret management solution helps by securely storing, accessing, and managing secrets, like API keys and credentials, outside of the source code. This reduces the risk of sensitive information being exposed within the codebase.
Leveraging a scanning solution to find similar instances ensures that any existing secrets mistakenly committed to the source code can be identified and appropriately handled, preventing potential security breaches.
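As an added illustration of the scanning and trigger options discussed above (not code from the original thread), the following is a minimal secret scanner that can run as a pre-commit check: it matches a documented access key ID format plus generic `key = "..."` assignments, and uses Shannon entropy to drop low-entropy placeholders. The file paths and values in `SAMPLE_STAGED` are constructed for the example.

```python
import math
import re
from collections import Counter

# Detection rules. The AWS access key ID format (AKIA + 16 uppercase
# alphanumerics) is publicly documented; the generic rule catches
# assignments such as api_key = "..." with an opaque value of 16+ chars.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic_assigned_secret": re.compile(
        r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]([^'\"]{16,})['\"]"
    ),
}

def shannon_entropy(s):
    """Bits per character: random secrets score high, prose and placeholders low."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def scan_text(text, path="<stdin>", entropy_threshold=3.5):
    """Return findings as (path, line_no, rule, matched_value) tuples."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.group(m.lastindex or 0)
                # Entropy filter reduces false positives like token = "hunter2hunter2..."
                if rule == "generic_assigned_secret" and shannon_entropy(value) < entropy_threshold:
                    continue
                findings.append((path, line_no, rule, value))
    return findings

def pre_commit_check(staged):
    """Trigger-style check over {path: staged_text}; a non-empty result blocks the commit."""
    return [f for path, text in staged.items() for f in scan_text(text, path)]

# Constructed sample of staged files: one hard-coded key ID, one low-entropy
# placeholder that should be ignored, one high-entropy API key, one harmless doc line.
SAMPLE_STAGED = {
    "config/settings.py": (
        "DEBUG = False\n"
        "AWS_ACCESS_KEY_ID = 'AKIAABCDEFGHIJKLMNOP'\n"
        'token = "hunter2hunter2hunter2"\n'
        'api_key = "q8Zr4Kp2Lm9Xc7Vb1Nt3"\n'
    ),
    "README.md": "Set API_KEY via your secret manager, not in this repo.\n",
}

if __name__ == "__main__":
    for path, line_no, rule, value in pre_commit_check(SAMPLE_STAGED):
        print(f"{path}:{line_no}: {rule}: {value[:4]}...")  # never echo the full secret
    raise SystemExit(1 if pre_commit_check(SAMPLE_STAGED) else 0)
```

Wired into a hook, a non-zero exit refuses the commit; the same `scan_text` function can be pointed at every file in the repository history to find other existing instances.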
Access keys found within an organization's source code management solution present a security risk, as they may allow unauthorized access to sensitive resources. To address this issue, the organization would need to prevent such keys from being stored in the source code and also ensure that any existing keys are detected and handled properly.
The BEST options to address this issue would be A and D
A and D would be the BEST options to address the issue.
A secret management solution would help protect sensitive information like access keys in the source code management system. A solution to scan for other similar instances of sensitive information would help identify any other instances of access keys that may be present in the system.
B, C, E, and F are also important security measures that can be implemented, but they may not directly address the issue of uncovered access keys in the source code management system.
B, role-based access control, could help prevent unauthorized access to the source code management system.
C, multifactor authentication, could help improve the security of the login process to the source code management system.
E, a secure software development life cycle process, could help prevent the introduction of vulnerabilities into the source code management system.
F, a trigger to prevent developers from including passwords, could help prevent future instances of passwords being included in the source code management system.
Configuring multifactor authentication (C) adds an additional layer of security to the source code management system, making it more difficult for unauthorized individuals to access sensitive information like access keys. Developing a secure software development life cycle process for committing code to the source code management system (E) ensures that security is considered at every stage of the development process, reducing the risk of future security vulnerabilities.
Implementing role-based access control on the source code management system (B) would limit the number of people who have access to the sensitive information like access keys, while developing a secure software development life cycle process for committing code to the source code management system (E) would help prevent similar issues from occurring in the future.
Some possible options for addressing the issue of access keys within an organization’s SCM solution are:
Setting up a secret management solution for all items in the SCM system: This is a tool or service that securely stores, manages, and distributes secrets such as access keys, passwords, tokens, certificates, etc. A secret management solution can help prevent secrets from being exposed in plain text within the source code or configuration files.
Developing a secure software development life cycle (SDLC) process for committing code to the SCM system: This is a framework or methodology that defines how software is developed, tested, deployed, and maintained. A secure SDLC process can help ensure that best practices for security are followed throughout the software development process, such as code reviews, static analysis tools, vulnerability scanning tools, etc. A secure SDLC process can help detect and prevent access keys from being included in the source code before they are committed to the SCM system.
A and E are correct
Access keys are credentials that allow users to authenticate and authorize requests to a source code management (SCM) system, such as GitLab or AWS. Access keys should be kept secret and not exposed in plain text within the source code, as this can compromise the security and integrity of the SCM system and its data.
Community vote distribution: A (35%), C (25%), B (20%), Other