🔥 3-day streak
CompTIA SecurityX (CAS-005)85 / 120
Question 85 of 120
A financial services company runs dozens of microservices across a Kubernetes cluster. Each service currently reads a long-lived static database password from an environment variable set during deployment. Auditors flagged that these credentials are never rotated, are visible in pod manifests, and cannot be attributed to a specific service when misuse occurs. The security architect must redesign credential handling to minimize the blast radius of a leaked credential while providing per-service attribution. Which approach BEST meets these requirements?
Reviewed for accuracy · Report an issueNext question