CompTIA CySA+ Practice Test

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the CompTIA CySA+ Exam with our quizzes. Master essential cybersecurity skills with flashcards and multiple-choice questions, complete with hints and explanations to optimize your learning experience.

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

What is the security flaw of embedding API keys in the source code?

Key management is no longer required since the key is embedded
The embedded key may be discovered by an attacker
It is difficult to control the permission levels for embedded keys
Changing the API key will require a corresponding software upgrade

The correct answer is: The embedded key may be discovered by an attacker

Embedding API keys in the source code poses significant security risks primarily because the embedded key may be discovered by an attacker. When API keys are hardcoded within the source code, they can easily be exposed, especially if the code is shared, deployed to public repositories, or improperly secured. Attackers can scan the source code or use various techniques to extract these keys, leading to unauthorized access to APIs and the potential for exploitation of the associated systems and data. Additionally, the exposure of API keys can result in misuse, where an attacker could make API calls under the organization’s identity, possibly leading to data breaches or other malicious activities. This highlights the importance of secure key management practices such as storing API keys in environment variables or using dedicated secret management tools to minimize the risk of exposure. The other options do not directly address the critical vulnerability associated with embedding keys in source code, making them less relevant to the specific security flaw outlined in the question.