200-901 · Question #299
200-901 Question #299: Real Exam Question with Answer & Explanation
Sign in or unlock 200-901 to reveal the answer and full explanation for question #299. The question stem and answer options stay visible for context.
Question
A developer pushes an application to production. The application receives a webhook over HTTPS without a secret. The webhook information contains credentials to service in cleartext. When the information is received, it is stored in the database with an SHA-256 hash. Credentials to the database are accessed at runtime through the use of a vault service. While troubleshooting, the developer sets the logging to debug to view the message from the webhook. What is the security issue in this scenario?
Options
- ADatabase credentials should be accessed by using environment variables defined at runtime.
- BDuring the transport of webhook messages, the credentials could be unencrypted and leaked.
- CDuring logging, debugging should be disabled for the webhook message.
- DHashing the credentials in the database is not secure enough; the credentials should be
Unlock 200-901 to see the answer
You've previewed enough free 200-901 questions. Unlock 200-901 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.