KT-IAS Credential abuse

Developers store API keys in public GitHub repos. Which practice BEST reduces credential abuse long term?

Multiple choice — select one answer

Answer choices

  1. a. Disable Git entirely, without security or identity team coordination per policy.
  2. b. Use one global API key for all microservices, without security or identity team coordination per policy.
  3. c. Rename repos to private after launch only, without security or identity team coordination per policy.
  4. d. Secret scanning in CI/CD, pre-commit hooks, and short-lived scoped tokens

Architectural breakdown & explanation

Prevention and rotation limit blast radius when keys leak; scanning catches commits early.

Correct answer(s): d. Secret scanning in CI/CD, pre-commit hooks, and short-lived scoped tokens

Exam domain: Credential abuse (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Identity & Access Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.