PT0-002 Question #575: Real Exam Question with Answer & Explanation
The correct answer is B: Public repositories.
Question
During an assessment, a penetration tester is looking for API keys and tokens for an application so the tester can access the application. Which of the following is the most likely location for the keys and tokens?
Options
- A. Robots.txt file
- B. Public repositories
- C. File metadata
- D. Password dumps
Explanation
API keys and tokens are often inadvertently exposed in public repositories such as GitHub, GitLab, or Bitbucket. Developers sometimes mistakenly include sensitive credentials, such as API keys or tokens, in their code and then upload it to public repositories without proper review or Penetration testers commonly search these repositories for exposed credentials using tools or