Exam CCAK topic 1 question 226 discussion

C. Credential scanning Credential scanning is a process used to automatically detect sensitive information, such as access keys, passwords, and other credentials, in source code, configuration files, and other artifacts during development. These tools are specifically designed to identify and flag instances where credentials may have been inadvertently included in files that should not contain them, helping to prevent security breaches and unauthorized access. While static code review (A) involves analyzing source code without executing it and can sometimes identify hardcoded credentials, credential scanning (C) is more specialized for this specific task. Dynamic code review (B) is not typically used for identifying stored credentials, as it involves analyzing the behavior of code during execution. Vulnerability scanning (D) is generally focused on identifying security vulnerabilities in deployed applications rather than checking for credentials in source code.

It is C.

CCAK Pg:353 Stored Credentials/Secrets Scanning

Its C, credential Scanning . A frequently occurring problem in security is the storage of credentials such as passwords and access keys in source code, or configuration or other files. This creates the risk that those credentials—which should never be shared—are exposed to people who do not have permission to access them. This could lead to the organization’s application or data being vulnerable. Credential scanning tools search source code for credentials to make sure they are not inadvertently checked in with code.