A developer has just completed the configuration of an API that connects sensitive internal
systems. Based on company policies, the security of the data is a high priority.
Which approach must be taken to secure API keys and passwords?
A . Embed them directly in the code.
B . Store them in a hidden file.
C . Store them inside the source tree of the application.
D . Change them periodically.
Answer: D