
CV0-003 · Question #853

CV0-003 Question #853: Real Exam Question with Answer & Explanation

The correct answer is A: Rotating the account credentials. The attack pattern - compromise occurring after each new application version deployed from a cloud code repository - strongly suggests credentials are being exposed in source code or deployment artifacts. Rotating credentials after each incident invalidates any leaked secrets.

Security

Question

A security analyst is investigating incidents in which attackers are able to access sensitive data from a corporate application's database. The attacks occur periodically and usually after the release of a new application's version. The following log confirms the compromise:

The following actions are made after every incident occurrence:

  • Validation of firewall rules
  • Scripted rebuild of the database and web instances
  • Application deployment from a cloud code repository

Which of the following actions will most likely prevent future compromises?

Options

  • A. Rotating the account credentials
  • B. Migrating the database to be on premises
  • C. Forbidding the use of API calls to retrieve data
  • D. Implementing a new database service account

Explanation

The attack pattern - compromise occurring after each new application version deployed from a cloud code repository - strongly suggests credentials are being exposed in source code or deployment artifacts. Rotating credentials after each incident invalidates any leaked secrets.

Common mistakes.

  • B. Migrating the database on premises does not address the root cause of credential exposure during application deployments and introduces new operational complexity.
  • C. Forbidding API calls to retrieve data would break the application's core functionality and does not address the credential exposure vector.
  • D. Creating a new database service account is a one-time action that does not prevent future credential leakage if the underlying practice of exposing credentials in code or deployment pipelines continues.

Concept tested. Credential rotation to remediate secrets exposure

Reference. https://learn.microsoft.com/en-us/azure/key-vault/general/best-practices

Topics

#credential rotation #database security #vulnerability remediation #application security
