CompTIA CASP+ (CAS-004) — Question 195
A company wants to securely manage the APIs that were developed for its in-house applications. Previous penetration tests revealed that developers were embedding unencrypted passwords in the code. Which of the following can the company do to address this finding? (Choose two.)
Answer options
- A. Implement complex, key-length API key management.
- B. Implement user session logging.
- C. Implement time-based API key management.
- D. Use SOAP instead of RESTful services.
- E. Incorporate a DAST into the DevSecOps process to identify the exposure of secrets.
- F. Enforce MFA on the developers’ workstations and production systems.
Correct answer: A, C
Explanation
Implementing complex, key-length API key management and time-based API key management helps ensure that sensitive credentials are not hard-coded in source and are instead issued and managed securely. The other options either do not directly address the exposure of embedded passwords or focus on other security aspects that do not mitigate the risk of unencrypted passwords in the code.