PT0-002 Question #301: Real Exam Question with Answer & Explanation
Correct answers: A and E (setting up a secret management solution for all items in the source code management system, and developing a secure software development life cycle process for committing code to the source).
Question
A penetration tester uncovers access keys within an organization's source code management solution. Which of the following would BEST address the issue? (Choose two.)
Options
- A. Setting up a secret management solution for all items in the source code management system
- B. Implementing role-based access control on the source code management system
- C. Configuring multifactor authentication on the source code management system
- D. Leveraging a solution to scan for other similar instances in the source code management system
- E. Developing a secure software development life cycle process for committing code to the source
- F. Creating a trigger that will prevent developers from including passwords in the source code
Explanation
Correct answer: A and E.

Finding hardcoded access keys in source code represents both an immediate exposure risk and a process failure. Setting up a secret management solution (A), such as HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault, directly remediates the root cause by providing a secure, centralized location for secrets so they no longer need to appear in code. Developing a secure SDLC process (E) addresses the systemic process failure by instituting coding standards, developer training, and mandatory reviews that prevent secrets from being committed in the future. The other options, RBAC (B), MFA (C), and scanning (D), are valuable controls but do not directly fix either the exposure or the broken development process. Option F (commit triggers) is a useful preventive control but alone does not address secrets already exposed or establish a comprehensive secure development culture.

Note that moving secrets into a vault does not undo the exposure itself: keys already committed remain in the repository history even after the file is changed, so the discovered keys should also be treated as compromised and rotated or revoked.

Explanation generated by: claude-sonnet.