CompTIA CASP+ (CAS-004) — Question 574
A security architect recommends replacing the company's monolithic software application with a containerized solution. Historically, secrets have been stored in the application's configuration files. Which of the following changes should the security architect make in the new system?
Answer options
- A. Use a secrets management tool.
- B. Save secrets in key escrow.
- C. Store the secrets inside the Dockerfiles.
- D. Run all Dockerfiles in a randomized namespace.
Correct answer: A
Explanation
The correct answer is A: a secrets management tool is designed specifically to store and manage sensitive data such as passwords and API keys securely, which is crucial in a containerized environment. Options B, C, and D are not secure practices. Key escrow does not adequately protect secrets, storing secrets in Dockerfiles can expose them, and running Dockerfiles in randomized namespaces does not address secret management.