Exam 350-901 topic 1 question 159 discussion

Actual exam question from Cisco's 350-901
Question #: 159
Topic #: 1

A developer has just completed the configuration of an API that connects sensitive internal systems. Based on company policies, the security of the data is a high priority.
Which approach must be taken to secure API keys and passwords?

  • A. Embed them directly in the code.
  • B. Store them in a hidden file.
  • C. Store them inside the source tree of the application.
  • D. Change them periodically.
Suggested Answer: D

Comments

FR99
Highly Voted 4 years, 10 months ago
I go with "D. Change them periodically." "Do not embed API keys or signing secrets directly in code. Do not store API keys or signing secrets in files inside your application's source tree." https://developers.google.com/maps/api-key-best-practices
upvoted 5 times
...
Amycert
Most Recent 9 months, 1 week ago
Selected Answer: D
D is the only one that makes sense. But the true correct answer should be: store them in local environmental variables. But also, recently there is a new approach, which is to store them in a safe location and obtain them via a safe program, such as Conjur; that way you only need the Conjur key/secret and obtain from them all the other keys.
upvoted 1 times
...
Teringzooi
2 years, 8 months ago
Selected Answer: D
Correct answer: D https://blogs.cisco.com/developer/dna-center-api-authentication-with-vault
upvoted 1 times
...
designated
2 years, 10 months ago
Selected Answer: D
D is the best practice here.
upvoted 1 times
...
dexilec82
3 years, 4 months ago
A. - you are essentially exposing it. B. - you can hide but you cannot run; remember, the hackers are good at finding hidden objects. C. - why would you store it on the source tree, a giveaway? D. - Change them periodically makes sense, and in fact every company's general policy is to change passwords periodically.
upvoted 2 times
...
architect_
4 years, 1 month ago
"D" https://blogs.cisco.com/developer/dna-center-api-authentication-with-vault
upvoted 3 times
...
fwc
4 years, 10 months ago
Think both "B" and "D" make sense
upvoted 1 times
flambadone
4 years, 8 months ago
I'm going to say that it's probably 'D' because it says "Based on your company's policies" - which would dictate something like regularly changing keys and rotation of passwords. If I had to throw a dart, a static hidden file is less secure than a key that changes often.
upvoted 3 times
...
...