CompTIA CASP+ (CAS-004) — Question 6
A company has hired a third party to develop software as part of its strategy to be quicker to market. The company's policy outlines the following requirements:
✑ The credentials used to publish production software to the container registry should be stored in a secure location.
✑ Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.
Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?
Answer options
- A. TPM
- B. Local secure password file
- C. MFA
- D. Key vault
Correct answer: D
Explanation
The Key vault is the best option because it provides a secure way to store and manage sensitive information like credentials, with built-in access control and auditing features. The other options, such as a local secure password file or TPM, do not offer the same level of security and access management needed to restrict visibility to the third-party developer.