Prepare for the CompTIA CySA+ Exam with comprehensive tests and detailed explanations. Enhance your knowledge with multiple question formats and expert insights. Ace your exam with confidence!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.


What is the security flaw of embedding API keys in the source code?

  1. Key management is no longer required since the key is embedded

  2. The embedded key may be discovered by an attacker

  3. It is difficult to control the permission levels for embedded keys

  4. Changing the API key will require a corresponding software upgrade

The correct answer is: The embedded key may be discovered by an attacker

Embedding API keys in the source code poses significant security risks primarily because the embedded key may be discovered by an attacker. When API keys are hardcoded within the source code, they can easily be exposed, especially if the code is shared, deployed to public repositories, or improperly secured. Attackers can scan the source code or use various techniques to extract these keys, leading to unauthorized access to APIs and the potential for exploitation of the associated systems and data. Additionally, the exposure of API keys can result in misuse, where an attacker could make API calls under the organization’s identity, possibly leading to data breaches or other malicious activities. This highlights the importance of secure key management practices such as storing API keys in environment variables or using dedicated secret management tools to minimize the risk of exposure. The other options do not directly address the critical vulnerability associated with embedding keys in source code, making them less relevant to the specific security flaw outlined in the question.