ExamGecko
Search Search Login
Home Home / Cisco / 200-901
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

How are operations on REST APIs performed as compared to RPC APIs?
Refer to the exhibit. A developer can access the TLS REST API on server A, but cannot access the API on server B. The developer can ping server B. When the developer performs a packet capture on the TLS REST API port on server B, the capture shows that the packet arrived and the server responded. What causes the issue?
Where is an IP packet routed if the packet does not match any routes in the routing table?
What should a CI/CD pipeline aim to achieve?
A developer is trying to retrieve data over a REST API. The API server responds with an HTTP client error response code. After investigating the response the developer realizes the response has a RetryAfter header. What is the root cause of this error?
What is the Git command to delete a local branch named “experiment” without a warning?
Which Cisco compute management platform controls server, network, storage, and virtual resources with policy-driven management for up to 10000 physical Cisco servers?
What is a component of the first stage of an application development CI/CD pipeline?
What is a benefit of test-driven development?
What is the function of an IP address in networking?

Question 246 - 200-901 discussion

Report
Export

A developer pushes an application to production. The application receives a webhook over HTTPS without a secret. The webhook information contains credentials to service in cleartext. When the information is received, it is stored in the database with an SHA-256 hash. Credentials to the database are accessed at runtime through the use of a vault service.

While troubleshooting, the developer sets the logging to debug to view the message from the webhook. What is the security issue in this scenario?

A.

Database credentials should be accessed by using environment variables defined at runtime.

Answers
A.

Database credentials should be accessed by using environment variables defined at runtime.

B.

During the transport of webhook messages, the credentials could be unencrypted and leaked.

Answers
B.

During the transport of webhook messages, the credentials could be unencrypted and leaked.

C.

During logging, debugging should be disabled for the webhook message.

Answers
C.

During logging, debugging should be disabled for the webhook message.

D.

Hashing the credentials in the database is not secure enough; the credentials should be encrypted.

Answers
D.

Hashing the credentials in the database is not secure enough; the credentials should be encrypted.

Suggested answer: B
Show Answer
asked 07/10/2024
Jozsef Stelly
47 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms