CompTIA PenTest+ PT0-002 Practice Question

During a penetration test, you have identified that an organization's proprietary application lacks a proper secrets management solution. Sensitive data within the application, including database credentials, are stored in plaintext configuration files accessible by a number of services. In your final report to the client, which recommendation would best address this vulnerability?

  • Storing the plaintext configuration files in a more secure directory on the server

  • Implementing a secrets management solution to centrally manage and securely store sensitive information

  • Restricting file permissions on the configuration files to administrators only

  • Changing database credentials regularly without implementing a secrets management system

CompTIA PenTest+ PT0-002
Reporting and Communication