Secure Storage and Access Control for Shared Credentials in Software Development Pipelines

Best Practices for Storing and Monitoring Access to Shared Credentials in Software Development Pipelines

Question

A company hired a third party to develop software as part of its strategy to be quicker to market.

The company's policy outlines the following requirements:

-> The credentials used to publish production software to the container registry should be stored in a secure location.

-> Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.

Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

Answers

A. TPM

B. Local secure password file

C. MFA

D. Key vault

Explanations

A.

https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/tpm-fundamentals

The scenario describes a situation where a company has hired a third-party developer to build software, and the company's pipeline publishes that software to a container registry. The company policy requires that the credentials used to publish production software to the container registry are stored in a secure location, that access is limited to the pipeline service account, and that the third-party developer cannot read the credentials directly.

To address this requirement, the BEST recommendation for storing and monitoring access to these shared credentials is to use a key vault (Option D). A key vault is a dedicated service for storing and managing cryptographic keys, secrets, and certificates. It provides a centralized and protected location for sensitive data such as passwords, encryption keys, and other secrets.

Using a key vault provides several benefits. First, the secret is stored encrypted and never has to live in the pipeline definition or on a developer's machine, which reduces the risk of exposure or theft. Second, management of the credentials is centralized, so access controls can be enforced in one place. Third, access can be granted per identity (here, only the pipeline service account) and every read attempt is logged, which makes access to the credentials easy to monitor and audit.
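As an added example, not part of the original page, here is a small Python model of the arrangement the question describes: one secret (the production registry token) is readable only by the pipeline service account, every read attempt is written to an audit log, and a monitoring rule reports denied reads. The principal names and the token value are constructed for illustration.

```python
# Added example (not from the original page): a minimal model of the key-vault
# access pattern the question asks for. One secret (the production registry
# token) is readable only by the pipeline service account; every read attempt,
# allowed or denied, is written to an audit log that a monitoring rule inspects.
# All names and values are constructed for illustration.
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class AuditEvent:
    principal: str   # who asked
    secret: str      # which secret
    allowed: bool    # policy decision


class KeyVault:
    """Secrets are released only to principals listed in the secret's policy."""

    def __init__(self) -> None:
        self._secrets: Dict[str, str] = {}
        self._readers: Dict[str, Set[str]] = {}   # secret name -> allowed principals
        self.audit_log: List[AuditEvent] = []

    def put_secret(self, name: str, value: str, readers: Set[str]) -> None:
        self._secrets[name] = value
        self._readers[name] = set(readers)        # least privilege: explicit allow-list

    def get_secret(self, principal: str, name: str) -> str:
        allowed = principal in self._readers.get(name, set())
        self.audit_log.append(AuditEvent(principal, name, allowed))  # log every attempt
        if not allowed:
            raise PermissionError(f"{principal} is not permitted to read {name}")
        return self._secrets[name]


def denied_reads(vault: KeyVault, secret: str) -> List[str]:
    """Monitoring rule: principals that tried and failed to read the secret."""
    return [e.principal for e in vault.audit_log if e.secret == secret and not e.allowed]


def demo() -> tuple:
    vault = KeyVault()
    # Constructed sample token; only the pipeline identity is on the allow-list.
    vault.put_secret("prod-registry-token", "CONSTRUCTED-SAMPLE-TOKEN", {"svc-pipeline"})
    token = vault.get_secret("svc-pipeline", "prod-registry-token")   # deploy step succeeds
    try:
        vault.get_secret("thirdparty-dev", "prod-registry-token")      # developer is refused
    except PermissionError:
        pass
    return token, denied_reads(vault, "prod-registry-token"), len(vault.audit_log)
```

In a real vault service the allow-list is the vault's access policy and the audit log is its access log; the point carried over is that the developer's attempt is both refused and visible to whoever monitors the log.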

In contrast, TPM (Option A) stands for Trusted Platform Module, a hardware chip that provides protected storage for cryptographic keys and other sensitive data. While a TPM can protect credentials, it is bound to a single host and is typically used for keys and certificates supporting secure boot, disk encryption, and similar tasks, rather than for holding passwords and other secrets that a pipeline running elsewhere needs to read.

A local secure password file (Option B) stores passwords on a single system. While this can be adequate for one machine, it offers neither centralized access control nor auditing, and anyone with sufficient access to that system, including the third-party developer, could read the file, so it is not recommended for shared credentials.

MFA (Option C) stands for Multi-Factor Authentication, a mechanism that requires users to present more than one form of authentication to access a system or resource. While MFA is an important control, it does not address how credentials are stored or who can read them. MFA can be used alongside a key vault to add protection for the identities that are permitted to access the secrets stored there.

In summary, the BEST recommendation for storing and monitoring access to shared credentials used to publish production software to the container registry would be to use a key vault (Option D).