CompTIA Study Materials
AWS Study Materials
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free CompTIA PenTest+ PT0-002 Practice Question

During a penetration test, you have identified that an organization's proprietary application lacks a proper secrets management solution. Sensitive data within the application, including database credentials, are stored in plaintext configuration files accessible by a number of services. In your final report to the client, which recommendation would best address this vulnerability?

  • Implementing a secrets management solution to centrally manage and securely store sensitive information

  • Storing the plaintext configuration files in a more secure directory on the server

  • Restricting file permissions on the configuration files to administrators only

  • Changing database credentials regularly without implementing a secrets management system

This question is for objective:
Reporting and Communication
Your Score:
Reporting and Communication
Information Gathering and Vulnerability Scanning
Attacks and Exploits
Tools and Code Analysis
Planning and Scoping