Multiple Choice
A software development team is conducting functional and user acceptance testing of internally developed web applications using a COTS solution. For automated testing, the solution uses valid user credentials from the enterprise directory to authenticate to each application. The solution stores the username in plain text and the corresponding password as an encoded string in a script within a file, located on a globally accessible network share. The account credentials used belong to the development team lead. To reduce the risks associated with this scenario while minimizing disruption to ongoing testing, which of the following are the BEST actions to take? (Choose two.)
A) Restrict access to the network share by adding a group only for developers to the share's ACL
B) Implement a new COTS solution that does not use hard-coded credentials and integrates with directory services
C) Obfuscate the username within the script file with encoding to prevent easy identification and the account used
D) Provision a new user account within the enterprise directory and enable its use for authentication to the target applications. Share the username and password with all developers for use in their individual scripts
E) Redesign the web applications to accept single-use, local account credentials for authentication
Correct Answer:
Verified
Correct Answer:
Verified
Q166: A company has decided to replace all
Q167: A firewall specialist has been newly assigned
Q168: A technician is configuring security options on
Q169: A security analyst is reviewing the following
Q170: A technician is reviewing the following log:
Q172: A Chief Information Security Officer (CISO) is
Q173: A government contractor was the victim of
Q174: A systems analyst is concerned that the
Q175: A hospital's security team recently determined its
Q176: Company.org has requested a black-box security assessment