Free CompTIA PenTest+ PT0-002 Practice Question

During a penetration test, you have identified that an organization's proprietary application lacks a proper secrets management solution. Sensitive data within the application, including database credentials, are stored in plaintext configuration files accessible by a number of services. In your final report to the client, which recommendation would best address this vulnerability?

  • Restricting file permissions on the configuration files to administrators only

  • Changing database credentials regularly without implementing a secrets management system

  • Implementing a secrets management solution to centrally manage and securely store sensitive information

  • Storing the plaintext configuration files in a more secure directory on the server

This question's topic: CompTIA PenTest+ PT0-002 / Reporting and Communication