CompTIA CASP+ (CAS-004) — Question 34
A security engineer thinks the development team has been hard-coding sensitive environment variables in its code.
Which of the following would BEST secure the company's CI/CD pipeline?
Answer options
- A. Utilizing a trusted secrets manager
- B. Performing DAST on a weekly basis
- C. Introducing the use of container orchestration
- D. Deploying instance tagging
Correct answer: A
Explanation
Using a trusted secrets manager is the best option because it provides secure, centralized storage and management of sensitive information (credentials, API keys, tokens), so the pipeline retrieves secrets at build or deploy time instead of developers hard-coding them in the codebase. Performing DAST, while useful for identifying runtime vulnerabilities, does not address the root cause of sensitive data being committed to source. Container orchestration and instance tagging serve other operational purposes and do not solve the problem of managing secrets securely.