CompTIA PenTest+ (PT0-003) — Question 107

A penetration tester successfully clones a source code repository and then runs the following command:

find . -type f -exec egrep -i "token|key|login" {} \;

Which of the following is the penetration tester conducting?

Answer options

• A. Data tokenization
• B. Secrets scanning
• C. Password spraying
• D. Source code analysis

Correct answer: B

Explanation

The command used by the penetration tester is searching for sensitive information such as tokens, keys, or login credentials within the files of the cloned repository, which is indicative of secrets scanning. The other options do not pertain to this specific type of search; for example, data tokenization involves replacing sensitive data with non-sensitive equivalents, not searching for them.