An organization is adopting ephemeral credentials for inter-container communication. During testing, the security team discovers older credentials continue to function beyond their permitted time. Which measure ensures that outdated credentials are invalidated once their usage timeframe is exceeded?
Count on standard session termination to remove them completely
Increase the validity period to decrease recurring expiration issues
Place them into environment variables during each start of a service
Maintain a shared revocation list that marks them unusable after their allotted period
A centralized method that tracks each credential and marks it unusable after the designated time prevents unintended reuse across systems. Extending the expiration period does not address the risk of old credentials still being recognized. Relying on a local restart or an operating system setting does not systematically invalidate credentials in all environments, which leaves them vulnerable to misuse.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an ephemeral credential?
Open an interactive chat with Bash
How does a shared revocation list work?
Open an interactive chat with Bash
Why is extending the validity period unsafe for credentials?