KT-DP Sensitive data exposure

Git history contains AWS keys for a retired project. What reduces future sensitive exposure?

Multiple choice — select one answer

Answer choices

  1. a. Make the repo private without rotation, without security or identity team coordination per policy.
  2. b. Rotate keys, purge secrets from history, and enable secret scanning on all repos
  3. c. Ignore because the project is old, without security or identity team coordination per policy.
  4. d. Add a README saying 'do not use keys', without security or identity team coordination per policy.

Architectural breakdown & explanation

Secrets in VCS remain reachable until rotated and removed; scanning prevents recurrence.

Correct answer(s): b. Rotate keys, purge secrets from history, and enable secret scanning on all repos

Exam domain: Sensitive data exposure (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Data Protection bank. Run a full timed practice exam with domain-weighted random questions in your browser.