Developers store API keys in public GitHub repos. Which practice BEST reduces credential abuse long term?
Multiple choice — select one answer
Answer choices
Architectural breakdown & explanation
Prevention and rotation limit blast radius when keys leak; scanning catches commits early.
Correct answer(s): d. Secret scanning in CI/CD, pre-commit hooks, and short-lived scoped tokens
Exam domain: Credential abuse (20% weight on the official guide).
Official documentation & study links
Practice this certification
This page is one question from the KeyTrain's Key Training — Identity & Access Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.