CrowdStrike CCCS-203b Exam - Topic 5 Question 2 Discussion

Actual exam question for CrowdStrike's CCCS-203b exam

Question #: 2
Topic #: 5

You receive an alert that one of your container images contains AWS credentials stored in cleartext.

What detection type should you search for to investigate?

ASuspicious file

BMisconfiguration

CExposed credential

DSecret
When CrowdStrike Falcon detects cloud credentials---such as AWS access keys---stored in cleartext within a container image, the finding is classified as a Secret detection. Secrets include sensitive data such as API keys, access tokens, passwords, and cryptographic material embedded in container images, configuration files, or source code.
Falcon Cloud Security performs deep inspection of container images during image assessment to identify hard-coded secrets before those images are deployed into runtime environments. Storing AWS credentials in cleartext represents a critical security risk because attackers who gain access to the image can easily extract and misuse those credentials to access cloud resources.
While misconfigurations focus on insecure cloud settings and suspicious files relate to potentially malicious artifacts, secret detections are specifically intended to highlight exposed sensitive information. The Exposed credential option may sound similar, but within CrowdStrike's detection taxonomy for container and image security, these findings are categorized under Secret detections.
Investigating Secret detections allows security teams to quickly identify where credentials are embedded, rotate compromised keys, and remediate the issue by using secure alternatives such as cloud-native secrets managers or environment-based injection mechanisms. Therefore, the correct detection type to search for is Secret.

Show Suggested Answer

Suggested Answer: D

by Erick at Jan 22, 2026, 04:50 PM

Limited Time Offer

25%

1 month ago

This seems like a pretty straightforward question. The key is to identify the detection type that specifically deals with exposed credentials, which in this case is "Secret".

upvoted 0 times

...