CompTIA PenTest+ PT0-002 Practice Question

During a penetration test, you have identified that an organization's proprietary application lacks a proper secrets management solution. Sensitive data within the application, including database credentials, are stored in plaintext configuration files accessible by a number of services. In your final report to the client, which recommendation would best address this vulnerability?

  • Restricting file permissions on the configuration files to administrators only

  • Storing the plaintext configuration files in a more secure directory on the server

  • Implementing a secrets management solution to centrally manage and securely store sensitive information

  • Changing database credentials regularly without implementing a secrets management system

CompTIA PenTest+ PT0-002
Reporting and Communication