Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

A company hired a third party to develop software as part of its strategy to be quicker to market. The company’s policy outlines the following requirements: https://i.postimg.cc/8P9sB3zx/image.png

The credentials used to publish production software to the container registry should be stored in a secure location.

Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.

Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?
A . TPM
B . Local secure password file
C . MFA
D . Key vault

View Answer

Answer: D

Explanation:

Reference: https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/tpm-fundamentals

A key vault is a service that provides secure storage and management of keys, secrets, and certificates. It can be used to store credentials used to publish production software to the container registry in a secure location, and restrict access to the pipeline service account without allowing the third-party developer to read the credentials directly. A TPM (trusted platform module) is a hardware device that provides cryptographic functions and key storage, but it is not suitable for storing shared credentials. A local secure password file is a file that stores passwords in an encrypted format, but it is not as secure or scalable as a key vault. MFA (multi-factor authentication) is a method of verifying the identity of a user or device by requiring two or more factors, but it does not store credentials.

Verified Reference:

https://www.comptia.org/blog/what-is-a-key-vault

https://partners.comptia.org/docs/default-source/resources/casp-content-guide