CompTIA PenTest+ (PT0-002) — Question 161
A penetration tester uncovers access keys within an organization's source code management solution. Which of the following would BEST address the issue? (Choose two.)
Answer options
- A. Setting up a secret management solution for all items in the source code management system
- B. Implementing role-based access control on the source code management system
- C. Configuring multifactor authentication on the source code management system
- D. Leveraging a solution to scan for other similar instances in the source code management system
- E. Developing a secure software development life cycle process for committing code to the source code management system
- F. Creating a trigger that will prevent developers from including passwords in the source code management system
Correct answer: A, D
Explanation
Implementing a secret management solution (Option A) ensures that sensitive information such as access keys is stored securely, reducing the risk of exposure in the source code. Leveraging a solution to scan for other similar instances (Option D) helps identify and remediate the same kind of exposure elsewhere in the codebase. The other options, while beneficial for overall security, do not specifically address the immediate problem of exposed access keys.