CompTIA SecurityX (CAS-005) — Question 66
A security architect recommends replacing the company's monolithic software application with a containerized solution. Historically, secrets have been stored in the application's configuration files. Which of the following changes should the security architect make in the new system?
Answer options
- A. Use a secrets management tool.
- B. Save secrets in key escrow.
- C. Store the secrets inside the Dockerfiles.
- D. Run all Dockerfiles in a randomized namespace.
Correct answer: A
Explanation
The correct answer is A: a secrets management tool stores and manages sensitive information securely, rather than embedding it in code or configuration files. Options B and C introduce risks: key escrow can be insecure, and storing secrets in Dockerfiles exposes them to anyone with access to the image. Option D does not address the issue of secret management.