Exam 350-901 topic 1 question 341 discussion

Actual exam question from Cisco's 350-901
Question #: 341
Topic #: 1



Refer to the exhibit. An application was developed to be deployed on a global scale. The application will be available to all users of an enterprise and will require secure access. During code review, poor secret storage practices were identified. How must the secret storage approach be changed to improve security?

  • A. Leverage an external secret vault to retrieve DB_PWD and set the vault key as an OS environment variable before running the code.
  • B. Set an OS environment variable for DB_PWD to the database password before running the code, and stop setting DB_PWD within the code.
  • C. In DB_PWD, store a hashed version of the database password generated by using the hashlib library.
  • D. Store an encrypted version of the database password in DB_PWD and decrypt the password before running the code.
Suggested Answer: A

Comments

Amycert
8 months ago
Selected Answer: A
A is correct, vault for secrets and access the vault with environmental variable
upvoted 1 times
kirrim
1 year, 7 months ago
Cisco's recommendations around storing app secrets:
- There is no single correct way to protect secrets, because no approach is optimal for ALL SITUATIONS.
- Where possible, use single sign-on systems
- Where possible, use multifactor authentication

However, none of those apply in these choices :(

I think out of the choices given, both A and B are the best options. I'm leaning towards A, because B doesn't specify how the environment variable is stored, and whether such storage is secure. For example, storing on disk or in your git repo in a .env file is not secure. Typing it in by hand like: export DB_PWD="pass" and then using Python import os and then DB_PWD=os.getenv("DB_PWD") still leaves it in RAM until you exit your shell after running the Python script.

Probably the best answer is using an API call to an on-prem or cloud-based secret manager within your code, and using the retrieved value.
upvoted 4 times
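
The approach in answer A, combined with the secret-manager API call described in the comment above, as an added example that is not part of the original question, the exhibit, or any commenter's post. It assumes a HashiCorp Vault KV v2 HTTP endpoint; the environment variable names `VAULT_ADDR` and `VAULT_TOKEN`, the mount `secret`, the path `myapp/db` and the field name `DB_PWD` are illustrative choices.

```python
import json
import os
import urllib.request


class SecretUnavailable(RuntimeError):
    """Raised when the secret cannot be fetched; the app should refuse to start."""


def get_db_password(mount="secret", path="myapp/db", field="DB_PWD", timeout=5):
    # Only the vault address and access token come from the environment;
    # the database password itself never lives in code, a .env file or git.
    # (Assumed variable names; use an https:// address outside of local tests.)
    addr = os.environ.get("VAULT_ADDR")
    token = os.environ.get("VAULT_TOKEN")
    if not addr or not token:
        raise SecretUnavailable("VAULT_ADDR and VAULT_TOKEN must be set")

    # KV v2 read endpoint: GET /v1/<mount>/data/<path>
    url = f"{addr.rstrip('/')}/v1/{mount}/data/{path}"
    req = urllib.request.Request(url, headers={"X-Vault-Token": token})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = json.load(resp)
    except (OSError, ValueError) as exc:
        # Fail closed, and keep the token and response body out of the message.
        raise SecretUnavailable(f"vault read failed: {type(exc).__name__}") from None

    # KV v2 wraps the stored key/value pairs in data.data
    try:
        return body["data"]["data"][field]
    except (KeyError, TypeError):
        raise SecretUnavailable(f"field {field!r} not present in secret") from None


if __name__ == "__main__":
    DB_PWD = get_db_password()  # held in process memory only, never printed or logged
    # connect_to_database(password=DB_PWD)  # hypothetical application call
```

The token in `VAULT_TOKEN` can be short-lived and scoped to this one path, so a leaked environment exposes less than a leaked database password would.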
ThePokemonNuzlockingMaster
1 year, 10 months ago
I think I agree with the answer, although I'm not certain
upvoted 2 times
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other