Developing Applications and Automating Workflows Using Cisco Platforms (DEVASC) — Question 187
A developer creates a web application that receives a username and password and uses them to sync the credentials to other services through HTTPS. API keys to services are part of the configuration files of the application, but the credentials to the database that stores the synchronization logs are obtained through an external vault service. What is the security issue in this scenario?
Answer options
- A. Communication between the application and the services is not encrypted.
- B. The database credentials should be stored in the configuration files so that they are secured on the same server.
- C. The API keys are stored in the configuration files but should be stored in the vault service.
- D. The synchronization logs should be encrypted and not stored in a relational database.
Correct answer: C
Explanation
The correct answer is C because API keys, like database credentials, should be stored securely in a vault service instead of being hardcoded in the application's configuration files. Option A is incorrect because the communication is encrypted via HTTPS. Option B is also wrong because storing database credentials in configuration files poses a security risk. Option D, while valid, does not address the primary concern regarding the handling of API keys.