A finance firm has reused the same encrypted secrets for years. The security staff is looking for a way to limit exposure if those secrets become known to unauthorized parties. What measure helps reduce the impact of a breach?
Implement an automated rotation schedule to replace older secrets on a defined timeline.
Split the current keys into multiple parts across several vault locations.
Enable an additional hardware module to restrict unauthorized database connections.
Extend existing secrets by increasing their length and strengthening passphrases.
Replacing older secrets on a schedule shortens the time they are valid and reduces risk. Storing or splitting them in multiple locations does not address extended reuse. Increasing length with stronger passphrases might raise difficulty but does not limit prolonged validity. Additional hardware can help isolate data but does not address consistency in refreshing those credentials.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is automated rotation of secrets important?
Open an interactive chat with Bash
What is the difference between rotating secrets and increasing their length?
Open an interactive chat with Bash
How does splitting keys across vaults compare to secret rotation?