CompTIA Exam PT0-003 Topic 5 Question 20 Discussion

Actual exam question for CompTIA's PT0-003 exam
Question #: 20
Topic #: 5

A penetration tester successfully clones a source code repository and then runs the following command:

find . -type f -exec egrep -i "token|key|login" {} \;

Which of the following is the penetration tester conducting?

Suggested Answer: B

Penetration testers search for hardcoded credentials, API keys, and authentication tokens in source code repositories to identify secrets leakage.

Secrets scanning (Option B):

The find and egrep commands together scan all files recursively, ignoring case, for sensitive keywords like 'token', 'key', and 'login'.

Attackers use tools like TruffleHog and GitLeaks to automate secret discovery.


Incorrect options:

Option A (Data tokenization): Tokenization replaces sensitive data with unique tokens; it does not scan for credentials.

Option C (Password spraying): Tries common passwords across multiple accounts, unrelated to scanning source code.
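
Added example (not part of the original page or the exam material): the keyword search from the question, tightened so it can be run against your own repository before code is pushed. The function names and the stricter pattern are assumptions of this example, and it assumes a grep that supports -H and -I (GNU and BSD grep both do).

```shell
#!/bin/sh
# Added example: keyword-based secrets check for a source tree.

# Broad pattern: the keywords from the exam command, matched anywhere.
BROAD='token|key|login'
# Stricter pattern (an assumption of this example): a keyword inside a name
# that is assigned a value of 8+ characters, e.g. API_KEY="...".
# This drops hits such as "keyboard" or "monkey".
STRICT="(token|key|login)[a-z0-9_]*[\"']?[[:space:]]*[:=][[:space:]]*[\"']?[^[:space:]\"']{8,}"

# scan_tree DIR PATTERN -> prints "path:line" for each matching line.
# Only locations are printed, so the report itself never contains a secret.
# .git is pruned; -I skips binary files; "{} +" batches files so grep -H
# labels every hit (the "\;" form runs grep once per file, and grep prints
# no file name when it is given a single file).
scan_tree() {
    find "$1" -type d -name .git -prune -o -type f \
        -exec grep -HnIiE -e "$2" {} + | cut -d: -f1,2
}

# count_hits DIR PATTERN -> number of matching lines.
count_hits() {
    scan_tree "$1" "$2" | wc -l | tr -d ' '
}

# check_tree DIR -> status 0 if the strict pattern matches nowhere,
# 1 otherwise; usable as a pre-commit hook or CI gate.
check_tree() {
    [ "$(count_hits "$1" "$STRICT")" -eq 0 ]
}

# When run as a script with a directory argument, list the strict hits.
if [ "$#" -gt 0 ]; then
    scan_tree "$1" "$STRICT"
fi
```

Paths that contain a colon will be cut short in the report, since the output is split on the first two colon-separated fields.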

Contribute your Thoughts:

Natalie
26 days ago
Secrets scanning is the way to go. I bet the tester is looking for those juicy credentials hidden in the code. Gotta keep those skeletons in the closet!
upvoted 0 times
Carissa
10 days ago
Better keep those skeletons in the closet!
upvoted 0 times
...
Tula
16 days ago
Definitely trying to find some juicy credentials.
upvoted 0 times
...
Patrick
17 days ago
Looking for some hidden secrets, huh?
upvoted 0 times
...
...
Francesco
27 days ago
I believe it could also be source code analysis, as they are looking for sensitive information in the code.
upvoted 0 times
...
Mollie
29 days ago
Password spraying? Really? That command has nothing to do with brute-forcing passwords. I think it's clearly secrets scanning.
upvoted 0 times
...
Lennie
29 days ago
I agree with Glenna, it looks like secrets scanning to me.
upvoted 0 times
...
Monroe
1 month ago
I'd say source code analysis. The tester is examining the code for potential vulnerabilities.
upvoted 0 times
Erasmo
6 days ago
A: Makes sense. It's important to check for any exposed secrets in the code.
upvoted 0 times
...
Jonell
18 days ago
B: I agree with you. It's definitely secrets scanning to identify any security risks.
upvoted 0 times
...
Cordell
19 days ago
A: I think it's secrets scanning. The tester is looking for sensitive information like tokens and keys.
upvoted 0 times
...
...
Blondell
1 month ago
Definitely secrets scanning. That command looks for sensitive information like tokens, keys, and logins. Good catch!
upvoted 0 times
Renea
24 days ago
Agreed, the penetration tester is conducting secrets scanning to find any vulnerabilities.
upvoted 0 times
...
Gregoria
25 days ago
It's important to check for sensitive information like tokens and keys.
upvoted 0 times
...
Carin
27 days ago
Yes, that command is definitely for secrets scanning.
upvoted 0 times
...
...
Glenna
2 months ago
I think the penetration tester is conducting secrets scanning.
upvoted 0 times
...
