A developer wants to let a script sign in automatically to a company’s environment. Which method best ensures secure credentials and reduces unauthorized use?
Embed credentials in environment variables encrypted at rest on the system
Insert a static key in the code that is hashed to discourage plain-text extraction
Create login information in the web console’s user profile and reference it within the script
Obtain short-lived credentials from a dedicated vault that provides rotating tokens for the script
Using short-lived tokens generated by a credential manager lowers the chance of leaked or static credentials being misused. Hardcoding a key in a script is an easy target for reverse-engineering. Storing credentials in an environment variable, even if encrypted at rest, can expose them if the host is compromised. Keeping credentials in a user profile attached to the environment’s management console is not intended for automated processes and poses higher risk. Ephemeral tokens that expire reduce potential damage from unauthorized disclosure.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are short-lived credentials, and why are they secure?
Open an interactive chat with Bash
What is a credential manager or vault, and how does it work?
Open an interactive chat with Bash
Why is embedding static credentials or keys in code insecure?
Open an interactive chat with Bash
CompTIA Cloud+ CV0-004
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access