PT0-002 Question #515: Real Exam Question with Answer & Explanation
The correct answer is C: Secrets management solution. The core issue is the insecure storage and exposure of a service account key on an intranet site, which a secrets management solution directly addresses.
Question
During an assessment, a penetration tester was able to get access on all target servers by attempting authentication using a service account key that was published on the intranet site as part of a standard procedure. Which of the following should the penetration tester recommend for this type of finding?
Options
- A. Password encryption
- B. Role-based access control
- C. Secrets management solution
- D. Time-of-day restrictions
Explanation
The core issue is the insecure storage and exposure of a service account key: it was published on an intranet site as part of a standard procedure, so anyone who could read that page could authenticate to every target server. A secrets management solution addresses this directly by keeping the key in a central, access-controlled store, issuing it only to the systems and people that need it, and logging and rotating it, so the key no longer has to be written down on a shared page.
Common mistakes.
- A. Password encryption is generally applied to user passwords, but the finding concerns a "service account key" and its exposure on an intranet site; encrypting the key alone does not solve the underlying problem of storing and distributing it insecurely.
- B. Role-based access control (RBAC) manages the permissions granted to users and roles, but it does not address how service account keys themselves are stored and distributed.
- D. Time-of-day restrictions limit when an account can be used, but they neither prevent an exposed key from being used during permitted hours nor address the insecure storage of the key.
Concept tested. Secure management of application secrets and credentials.