CISSP · Question #1054
An attacker has intruded into the source code management system and is able to download but not modify the code. Which of the following aspects of the code theft has the HIGHEST security impact?
The correct answer is D. Administrative credentials or keys hard-coded within the stolen code could be used to access. Hard-coded credentials or keys in the source code represent a critical security vulnerability. If an attacker gains access to the source code and finds such sensitive information, they could potentially use it to gain unauthorized access to databases, servers, or other critical s
Question
Options
- AThe attacker could publicly share confidential comments found in the stolen code.
- BCompetitors might be able to steal the organization's ideas by looking at the stolen code.
- CA competitor could run their own copy of the organization's website using the stolen code.
- DAdministrative credentials or keys hard-coded within the stolen code could be used to access
How the community answered
(43 responses)- A26% (11)
- B7% (3)
- C12% (5)
- D56% (24)
Explanation
Hard-coded credentials or keys in the source code represent a critical security vulnerability. If an attacker gains access to the source code and finds such sensitive information, they could potentially use it to gain unauthorized access to databases, servers, or other critical systems, leading to a breach of sensitive data or systems. While other options (like sharing confidential comments, stealing ideas, or running a competitor's copy of the website) can have negative business and reputational consequences, they do not pose as immediate and severe a threat to the security of sensitive systems and data as the potential use of hard-coded credentials.
Topics
Community Discussion
No community discussion yet for this question.