During a penetration test, you are reviewing a client's private Git repository. The client wants to know whether any credentials, API tokens, or other secrets have ever been committed, but they do not want you to execute code or perform runtime testing. Which type of assessment technique will most efficiently satisfy this requirement?
A pattern-driven inspection that parses revision history for sensitive content
An interactive method that probes application responses using crafted inputs
A container-centric assessment that detects open ports in running services
A wireless-based procedure that checks for leaked identifiers on local channels
A pattern-driven inspection of the repository, often called secret scanning, parses both the current files and the entire Git revision history for strings that match credential patterns or exhibit high entropy, such as API keys, database passwords, and OAuth tokens. Because the process works on code at rest and never executes the application, it meets the client's requirement to avoid runtime interaction. Interactive application tests, container port enumerations, and wireless channel sweeps all operate on running targets and would miss secrets that are only present in committed source files.