🔥 3-day streak
CompTIA SecurityX (CAS-005)1 / 120
Question 1 of 120
A DevSecOps team uses Ansible to orchestrate configuration of thousands of Linux hosts. During a security review, an engineer discovers that database passwords and API tokens are stored in cleartext within playbook group_vars files committed to the shared Git repository, and that playbooks run under a single privileged service account with unrestricted SSH access to all managed nodes. Which combination of changes MOST effectively hardens the automation platform against secret exposure and blast-radius escalation?
Reviewed for accuracy · Report an issueNext question