Exam SY0-601 topic 1 question 712 discussion

A. Code repositories Commonly, unintentional corporate credential leakage in cloud environments can occur through code repositories. Developers and teams often store code, configuration files, and other sensitive information in repositories like GitHub, Bitbucket, or GitLab. If these repositories are not properly secured or if sensitive data is inadvertently included in code commits, it can lead to credential exposure. Attackers might search public repositories for such information, potentially gaining unauthorized access to corporate resources. The other options (B. Dark web, C. Threat feeds, D. State actors, E. Vulnerability databases) are not typically sources of unintentional corporate credential leakage but rather relate to different aspects of cybersecurity, threat intelligence, and actors involved in cyberattacks.

Its def A because proper and secure coding practice is important. There would be config files that would have database url and logins or if a service is making a communication with another service and if a secure coding isn't in practice then those credentials/communications would be easily seen which makes it vulnerable.

Why not Vulnerability databases?

A. Code repositories: Developers sometimes inadvertently include sensitive information, such as API keys, passwords, and other credentials, in their code. When this code is pushed to public repositories (e.g., GitHub, GitLab), those credentials can be exposed to the world, leading to potential credential leakage.

A is correct darkweb is where we find "have I been hacked" / the question ask for the main root cause of leakage

B - dark web