What is best practice for secret rotation in deployments?


Multiple Choice

What is best practice for secret rotation in deployments?

Explanation:
The main idea is to manage secrets with proactive, layered controls that reduce exposure and improve traceability. Automatic rotation shortens the window during which a compromised credential can be abused and removes the human error that comes with manual updates. It works best when secrets are rotated on a schedule and also in response to events (a suspected leak, a credential turning up in logs or source, a person with access leaving), with the secret manager generating and distributing the fresh credential. To rotate without downtime, the old and new versions must both be valid for a short overlap period so consumers can reload, and the old version must then actually be revoked; rotation that never retires the previous value only adds credentials. Least privilege ensures that each component or service can read only the secrets it genuinely needs, which limits the blast radius if one is exposed and makes the audit trail meaningful, because every read (allowed or denied) can be tied to a specific service identity. Encrypted storage protects secrets at rest so that a compromise of the storage layer alone yields unreadable data; this holds only if the encryption key is kept separately (in a KMS or HSM) rather than next to the ciphertext, and encryption in transit (TLS) protects secrets as they move between systems. Combined, these practices give a defense-in-depth approach to secret management.

Rotating only after a breach is suspected leaves the credential exploitable for the whole time the compromise goes undetected, plaintext storage in config files exposes the secret to anyone who can read the file or the repository it is committed to, and sharing secrets across teams in a single vault without per-identity access control and auditing breaks least privilege and obscures who accessed what.
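To make the three practices in the explanation concrete, here is a small in-memory secret manager written for this page as an added example (it is not from the exam material or from any real product). It models scheduled rotation with an overlap window, retirement of the old version once the window closes, a per-service allow-list for least privilege, and an audit log of every read. The rotation interval, grace period, secret names and service names are assumptions chosen for the demonstration; secret values are kept in plaintext in memory only to keep the example short, where a real store would encrypt them at rest with a KMS-held key.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Optional

# Policy constants (assumed values for this example, not from the page).
ROTATION_INTERVAL = 24 * 3600  # rotate every 24 hours on schedule
GRACE_PERIOD = 15 * 60         # retired version stays valid 15 min so consumers can reload


@dataclass
class SecretVersion:
    version: int
    value: str
    created_at: float
    retired_at: Optional[float] = None  # set when a newer version replaces this one


class SecretManager:
    """In-memory stand-in for a secret store. Values are held in plaintext purely
    to keep the example short; a real store encrypts them at rest with a key held
    in a KMS/HSM, separate from the data."""

    def __init__(self, clock: Callable[[], float]):
        self._clock = clock                       # injectable so rotation can be simulated
        self._versions: dict[str, list[SecretVersion]] = {}
        self._acl: dict[str, set[str]] = {}       # principal -> secret names it may read
        self.audit_log: list[dict] = []

    def _log(self, **event):
        self.audit_log.append({"at": self._clock(), **event})

    def grant(self, principal: str, name: str):
        """Least privilege: a principal sees only the secrets explicitly granted."""
        self._acl.setdefault(principal, set()).add(name)

    def create(self, name: str):
        self._versions[name] = [SecretVersion(1, secrets.token_urlsafe(32), self._clock())]
        self._log(action="create", secret=name, version=1)

    def rotate(self, name: str, reason: str = "scheduled"):
        """Generate a fresh value and retire the current one. The retired version
        keeps working for GRACE_PERIOD so in-flight consumers are not broken."""
        now = self._clock()
        chain = self._versions[name]
        chain[-1].retired_at = now
        new = SecretVersion(chain[-1].version + 1, secrets.token_urlsafe(32), now)
        chain.append(new)
        self._log(action="rotate", secret=name, version=new.version, reason=reason)

    def rotate_due(self):
        """Scheduled rotation: rotate every secret whose current version has aged out."""
        now = self._clock()
        for name, chain in self._versions.items():
            if now - chain[-1].created_at >= ROTATION_INTERVAL:
                self.rotate(name, reason="scheduled")

    def get(self, principal: str, name: str) -> str:
        """Return the current version; every attempt, allowed or denied, is audited."""
        allowed = name in self._acl.get(principal, set())
        self._log(action="read", principal=principal, secret=name, allowed=allowed)
        if not allowed:
            raise PermissionError(f"{principal} may not read {name}")
        return self._versions[name][-1].value

    def verify(self, name: str, presented: str) -> bool:
        """Resource-side check: accept the current version, or a retired version still
        inside its grace window; anything older is rejected (constant-time compare)."""
        now = self._clock()
        for v in reversed(self._versions[name]):
            in_grace = v.retired_at is None or now - v.retired_at <= GRACE_PERIOD
            if in_grace and hmac.compare_digest(v.value.encode(), presented.encode()):
                return True
        return False


def demo() -> dict:
    """Walk one rotation cycle on a simulated clock and report what happened."""
    now = [1_700_000_000.0]
    sm = SecretManager(lambda: now[0])
    sm.grant("billing-api", "db/billing")      # assumed service and secret names
    sm.create("db/billing")
    old = sm.get("billing-api", "db/billing")
    try:
        sm.get("reporting-job", "db/billing")  # never granted: denied and logged
        denied = False
    except PermissionError:
        denied = True
    now[0] += ROTATION_INTERVAL + 1
    sm.rotate_due()                            # scheduled rotation fires
    old_valid_in_grace = sm.verify("db/billing", old)
    new = sm.get("billing-api", "db/billing")  # consumer reloads and gets the new value
    now[0] += GRACE_PERIOD + 1                 # grace window closes
    return {
        "denied_without_grant": denied,
        "rotated": new != old,
        "old_valid_in_grace": old_valid_in_grace,
        "old_valid_after_grace": sm.verify("db/billing", old),
        "new_valid": sm.verify("db/billing", new),
        "audit_events": len(sm.audit_log),
    }


if __name__ == "__main__":
    print(demo())
```

The overlap window is the part most often missed in practice: without it, rotation breaks any consumer that fetched the old value moments before the change; without the revocation that follows it, rotation never actually shrinks the exposure window.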
