A security administrator at a financial institution discovers that developers have embedded credentials for a database service account directly in application code. Which of the following approaches would be MOST appropriate to address this security concern?
Implement a secrets management solution
Grant developers administrative access to service accounts
Create a shared spreadsheet for tracking service accounts
Change service account passwords quarterly instead of monthly
The correct answer is to implement a secrets management solution. Service accounts typically have elevated privileges and require special handling compared to regular user accounts. When service account credentials are hardcoded in application code, they present several security risks: they can be exposed to unauthorized users, cannot be easily rotated, and may lead to privilege escalation. A secrets management solution provides a centralized, secure way to store, access, and rotate credentials. This allows applications to retrieve credentials programmatically at runtime without embedding them in code, supports automated credential rotation, implements access controls over who can retrieve credentials, and maintains audit logs of credential access. This approach follows security best practices for service account management by ensuring credentials are protected, rotatable, and their usage is monitored.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a secrets management solution?
Open an interactive chat with Bash
Why is hardcoding credentials in application code a security risk?
Open an interactive chat with Bash
What are elevated privileges in the context of service accounts?
Open an interactive chat with Bash
ISC2 CISSP
Identity and Access Management (IAM)
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access