KT-APP Insecure coding

Secrets are hard-coded in a mobile app binary. BEST remediation?

Multiple choice — select one answer

Answer choices

  1. a. Publish app only on Fridays, without security or identity team coordination per policy.
  2. b. Remove secrets from client; use backend broker with short-lived tokens
  3. c. Obfuscate variable names, without security or identity team coordination per policy.
  4. d. Use longer secret strings, without security or identity team coordination per policy.

Architectural breakdown & explanation

Client binaries are extractable; secrets belong server-side.

Correct answer(s): b. Remove secrets from client; use backend broker with short-lived tokens

Exam domain: Insecure coding (25% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Application Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.