nerdexam
(ISC)2

CISSP · Question #1054

An attacker has intruded into the source code management system and is able to download but not modify the code. Which of the following aspects of the code theft has the HIGHEST security impact?

The correct answer is D. Administrative credentials or keys hard-coded within the stolen code could be used to access. Hard-coded credentials or keys in the source code represent a critical security vulnerability. If an attacker gains access to the source code and finds such sensitive information, they could potentially use it to gain unauthorized access to databases, servers, or other critical s

Submitted by andreas_gr· Mar 5, 2026Software Development Security

Question

An attacker has intruded into the source code management system and is able to download but not modify the code. Which of the following aspects of the code theft has the HIGHEST security impact?

Options

  • AThe attacker could publicly share confidential comments found in the stolen code.
  • BCompetitors might be able to steal the organization's ideas by looking at the stolen code.
  • CA competitor could run their own copy of the organization's website using the stolen code.
  • DAdministrative credentials or keys hard-coded within the stolen code could be used to access

How the community answered

(43 responses)
  • A
    26% (11)
  • B
    7% (3)
  • C
    12% (5)
  • D
    56% (24)

Explanation

Hard-coded credentials or keys in the source code represent a critical security vulnerability. If an attacker gains access to the source code and finds such sensitive information, they could potentially use it to gain unauthorized access to databases, servers, or other critical systems, leading to a breach of sensitive data or systems. While other options (like sharing confidential comments, stealing ideas, or running a competitor's copy of the website) can have negative business and reputational consequences, they do not pose as immediate and severe a threat to the security of sensitive systems and data as the potential use of hard-coded credentials.

Topics

#source code security#data breach#hard-coded credentials#supply chain attacks

Community Discussion

No community discussion yet for this question.

Full CISSP Practice