CompTIA Cloud+ (CV0-003) — Question 116

A production engineer is configuring a new application, which is running in containers, that requires access to a database. Which of the following methods will allow the application to authenticate to the database in the MOST secure way?

Answer options

• A. Store the credentials in a variable on every worker node
• B. Store the credentials on a shared volume using whole-disk encryption
• C. Store the credentials in a configuration file using SHA-256 inside the container image
• D. Store the credentials using the orchestrator secret manager

Correct answer: D

Explanation

The correct answer is D, as using the orchestrator's secret manager ensures that credentials are stored securely and can be managed centrally with access controls. Options A and C expose credentials either directly or indirectly, while option B, although more secure than A and C, still does not provide the same level of security and management capabilities as a dedicated secret manager.