Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA PT0-003 Exam - Topic 5 Question 20 Discussion

Actual exam question for CompTIA's PT0-003 exam
Question #: 20
Topic #: 5
[All PT0-003 Questions]

A penetration tester successfully clones a source code repository and then runs the following command:

find . -type f -exec egrep -i "token|key|login" {} \;

Which of the following is the penetration tester conducting?

Show Suggested Answer Hide Answer
Suggested Answer: B

Penetration testers search for hardcoded credentials, API keys, and authentication tokens in source code repositories to identify secrets leakage.

Secrets scanning (Option B):

The find and egrep command scans all files recursively for sensitive keywords like 'token,' 'key,' and 'login'.

Attackers use tools like TruffleHog and GitLeaks to automate secret discovery.


Incorrect options:

Option A (Data tokenization): Tokenization replaces sensitive data with unique tokens, not scanning for credentials.

Option C (Password spraying): Tries common passwords across multiple accounts, unrelated to scanning source code.

by Alethea at Mar 06, 2025, 05:09 AM

Limited Time Offer

25%

Off

Get Premium PT0-003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Jeff
6 months ago
Not sure about that, seems more like data tokenization to me.
upvoted 0 times
...
Amie
6 months ago
Surprised they didn't find anything with that search!
upvoted 0 times
...
Jina
6 months ago
That command looks like it's searching for sensitive info.
upvoted 0 times
...
Lajuana
6 months ago
I think it's source code analysis, right?
upvoted 0 times
...
Lindsey
7 months ago
Definitely secrets scanning!
upvoted 0 times
...
Chun
7 months ago
I could be wrong, but I feel like the focus on "token" and "key" suggests it's more about secrets scanning than just general source code analysis.
upvoted 0 times
...
Stephania
7 months ago
This seems similar to a practice question we did on identifying vulnerabilities in code. I want to say it's about secrets scanning.
upvoted 0 times
...
Andree
7 months ago
I'm not entirely sure, but I remember something about source code analysis involving searching for credentials.
upvoted 0 times
...
Judy
7 months ago
I think the command is looking for sensitive information like tokens or keys, so it might be secrets scanning?
upvoted 0 times
...
Oneida
8 months ago
Ah, I see what's going on here. The penetration tester is scanning the source code for any sensitive information like tokens, keys, and login credentials. That's definitely a form of secrets scanning, so I'm going to go with option B.
upvoted 0 times
...
Quentin
8 months ago
This is a tricky one. The command is looking for specific keywords like "token", "key", and "login", which could indicate they're trying to find sensitive information. But I'm not sure if that's considered "secrets scanning" or something else. I'll have to make an educated guess on this one.
upvoted 0 times
...
Hyun
8 months ago
Okay, I think I've got this. The penetration tester is cloning the source code repository and then using a command to search for sensitive information like credentials and API keys. That sounds like they're conducting a source code analysis, so I'll go with option D.
upvoted 0 times
...
Hannah
8 months ago
Hmm, I'm a bit unsure about this one. The command is searching the source code, but I'm not sure if that's considered "secrets scanning" or something else. I'll have to think this through a bit more.
upvoted 0 times
...
Golda
8 months ago
This looks like a pretty straightforward question. The command is clearly searching for sensitive information like tokens, keys, and login credentials, so I'm going to go with option B - Secrets scanning.
upvoted 0 times
...
Pedro
8 months ago
This seems pretty straightforward to me. The penetration tester is clearly scanning the source code for any sensitive information like API keys or login credentials, so the answer has to be Secrets scanning.
upvoted 0 times
...
Leslie
8 months ago
I'm a bit confused on this one. The command seems to be searching for some kind of sensitive information, but I'm not sure if that's considered "data tokenization" or something else. I'll have to review my notes on that.
upvoted 0 times
...
Lenna
8 months ago
Okay, the key here is that the penetration tester is searching for "token|key|login" in the source code. That sounds like they're looking for sensitive information, so I'm going to go with Secrets scanning.
upvoted 0 times
...
Kenda
8 months ago
Hmm, this looks like a tricky one. I'll need to think it through carefully.
upvoted 0 times
...
Natalie
1 year ago
Secrets scanning is the way to go. I bet the tester is looking for those juicy credentials hidden in the code. Gotta keep those skeletons in the closet!
upvoted 0 times
Carissa
1 year ago
Better keep those skeletons in the closet!
upvoted 0 times
...
Tula
1 year ago
Definitely trying to find some juicy credentials.
upvoted 0 times
...
Patrick
1 year ago
Looking for some hidden secrets, huh?
upvoted 0 times
...
...
Francesco
1 year ago
I believe it could also be source code analysis, as they are looking for sensitive information in the code.
upvoted 0 times
...
Mollie
1 year ago
Password spraying? Really? That command has nothing to do with brute-forcing passwords. I think it's clearly secrets scanning.
upvoted 0 times
...
Lennie
1 year ago
I agree with Glenna, it looks like secrets scanning to me.
upvoted 0 times
...
Monroe
1 year ago
I'd say source code analysis. The tester is examining the code for potential vulnerabilities.
upvoted 0 times
Erasmo
1 year ago
A: Makes sense. It's important to check for any exposed secrets in the code.
upvoted 0 times
...
Jonell
1 year ago
B: I agree with you. It's definitely secrets scanning to identify any security risks.
upvoted 0 times
...
Cordell
1 year ago
A: I think it's secrets scanning. The tester is looking for sensitive information like tokens and keys.
upvoted 0 times
...
...
Blondell
1 year ago
Definitely secrets scanning. That command looks for sensitive information like tokens, keys, and logins. Good catch!
upvoted 0 times
Renea
1 year ago
Agreed, the penetration tester is conducting secrets scanning to find any vulnerabilities.
upvoted 0 times
...
Gregoria
1 year ago
It's important to check for sensitive information like tokens and keys.
upvoted 0 times
...
Carin
1 year ago
Yes, that command is definitely for secrets scanning.
upvoted 0 times
...
...
Glenna
1 year ago
I think the penetration tester is conducting secrets scanning.
upvoted 0 times
...

Save Cancel