Penetration testers search for hardcoded credentials, API keys, and authentication tokens in source code repositories to identify secrets leakage.
Secrets scanning (Option B):
The find and egrep commands scan all files recursively for sensitive keywords such as "token", "key", and "login".
Attackers use tools like TruffleHog and GitLeaks to automate secret discovery.
Reference: CompTIA PenTest+ PT0-003 Official Study Guide, "Source Code Review and Secret Leakage"
Incorrect options:
Option A (Data tokenization): Tokenization replaces sensitive data with unique tokens; it does not scan for credentials.
Option C (Password spraying): Tries common passwords across multiple accounts; unrelated to scanning source code.
Option D (Source code analysis): Broader than secrets scanning; this question focuses specifically on credential discovery.
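The find + egrep sweep described above, as an added example that is not from the study guide: it builds a throwaway sample tree (file names and values are constructed placeholders, not real credentials) and then recurses over it with find, handing each regular file to grep -E (egrep) with the same keyword list. count_hits is an assumed helper so a pre-commit hook or CI job can fail when the sweep flags anything.

```shell
#!/bin/sh
# Added example, not code from the study guide. Every path and value below
# is constructed for the demo; nothing here is a real secret.

# Build a small sample source tree: one clean source file, one README,
# and one config file that looks like it leaks credentials.
make_sample_tree() {
  dir=$(mktemp -d)
  mkdir -p "$dir/src" "$dir/config"
  printf 'def main():\n    print("hello")\n' > "$dir/src/app.py"
  printf 'README for the sample project\n' > "$dir/README.md"
  # Constructed placeholder values standing in for a leaked key and login.
  printf 'api_key = "EXAMPLE_PLACEHOLDER_KEY"\nlogin = "svc-account"\n' \
    > "$dir/config/settings.ini"
  echo "$dir"
}

# The sweep itself: find recurses over regular files and batches them into
# grep -E (egrep). -i makes the keyword match case-insensitive, -l prints
# only the names of files that match, so the output is a list of suspects
# to review rather than every matching line.
scan_secrets() {
  root=$1
  find "$root" -type f -exec grep -Eil 'token|key|login' {} +
}

# Number of flagged files; a hook can exit non-zero when this is not 0.
count_hits() {
  scan_secrets "$1" | wc -l | tr -d ' '
}

# Stand-alone run: build the tree, sweep it, report, clean up.
if [ "${1:-}" = "--demo" ]; then
  sample=$(make_sample_tree)
  echo "Flagged files:"
  scan_secrets "$sample"
  echo "Total: $(count_hits "$sample")"
  rm -rf "$sample"
fi
```

Run it with `sh scan.sh --demo`; only config/settings.ini is flagged. The keyword list is deliberately broad, so in a real repository expect false positives (variable names like "keyboard" match "key"); tools such as TruffleHog and GitLeaks reduce that noise with entropy checks and provider-specific patterns, but the find + grep baseline is enough to gate a commit or quickly triage an exported repository.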