PT0-003 Question #284: Real Exam Question with Answer & Explanation

The correct answer is C: Repositories with secret keys. Publicly accessible code repositories (GitHub, GitLab, Bitbucket, etc.) frequently leak API keys, service account credentials, private keys, or other secrets embedded in source code, configuration files, CI/CD pipelines, or commit histories. These secrets can provide direct acces

Submitted by thandi_sa· Mar 6, 2026Reconnaissance and enumeration

Question

During a penetration test, the tester wants to obtain public information that could be used to compromise the organization's cloud infrastructure. Which of the following is the most effective resource for the tester to use for this purpose?

Options

ASensitive documents on a public cloud
BOpen ports on the cloud infrastructure
CRepositories with secret keys
DSSL certificates on websites

Explanation

Publicly accessible code repositories (GitHub, GitLab, Bitbucket, etc.) frequently leak API keys, service account credentials, private keys, or other secrets embedded in source code, configuration files, CI/CD pipelines, or commit histories. These secrets can provide direct access to cloud resources (storage blobs, databases, management APIs) and are therefore one of the most effective public sources for compromising cloud infrastructure.

Topics

#Cloud security#OSINT#Sensitive data exposure#Secret keys

Community Discussion

No community discussion yet for this question.

Full PT0-003 Practice Browse All PT0-003 Questions