Implementing DevOps Solutions and Practices Using Cisco Platforms (DEVOPS) — Question 51

A security team is running vulnerability scans against a CI/CD pipeline. The reports show that RDBMS secrets were found hardcoded in Ansible scripts. The RDBMS resides in the internal network but is accessible from a jump server that resides in a public network.

If an attacker gains access to the scripts, what is the risk exposure?

Answer options

• A. The Automation server is at risk of being compromised.
• B. The Ansible scripts run through encrypted SSH connections.
• C. The internal network is at risk of being compromised.
• D. The entire CI/CD-related infrastructure is at risk.

Correct answer: C

Explanation

The correct answer is C because if an attacker accesses the hardcoded RDBMS secrets in the Ansible scripts, they can exploit this vulnerability and potentially gain access to the internal network where the RDBMS resides. Option A is incorrect as the Automation server itself is not directly compromised by accessing the scripts. Option B is irrelevant to the risk exposure since the issue is with hardcoded secrets, not the connection method. Option D is too broad; the primary risk is to the internal network specifically.