CAS-005 · Question #387
CAS-005 Question #387: Real Exam Question with Answer & Explanation
The correct answer is A: Use a secrets management tool.. A secrets management tool is the most appropriate solution for securely managing and storing secrets (such as API keys, passwords, or tokens) in the new containerized environment. Secrets management tools, such as HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault, provide
Question
A security architect recommends replacing the company's monolithic software application with a containerized solution. Historically, secrets have been stored in the application's configuration files. Which of the following changes should the security architect make in the new system?
Options
- AUse a secrets management tool.
- BSave secrets in key escrow.
- CStore the secrets inside the Dockerfiles.
- DRun all Dockerfiles in a randomized namespace.
Explanation
A secrets management tool is the most appropriate solution for securely managing and storing secrets (such as API keys, passwords, or tokens) in the new containerized environment. Secrets management tools, such as HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault, provide secure storage, access control, and audit logs for secrets. They are designed to manage secrets in a way that avoids hardcoding sensitive data in configuration files or Dockerfiles, which could be exposed or compromised.
Community Discussion
No community discussion yet for this question.