Learn the vocabulary of automatically catching a leaked credential before it lands in repository history.
0 / 5 completed
1 / 5
A teammate explains that every commit pushed to a repository is automatically scanned for patterns that look like an API key, password, or private certificate, and the push is blocked, or an alert is fired, before that secret can ever land in the repository's history where it would remain retrievable indefinitely even after being deleted in a later commit. What source-control security control is being described?
Secrets scanning automatically inspects every commit pushed to a repository for patterns that look like an API key, password, or private certificate, blocking the push or firing an alert before that secret can land in the repository's history, which matters because once a secret is committed it remains retrievable from history indefinitely, even after being deleted in a later commit, unless the history itself is rewritten. A DNS zone transfer is an unrelated concept about replicating name server records. This scan-every-commit-before-it-lands-in-history approach is exactly why secrets scanning is a baseline software-supply-chain control because a leaked credential in git history is effectively permanent unless caught before it is ever committed.
2 / 5
During a design review, the team adopts secrets scanning for a large engineering organization with hundreds of daily commits across many repositories, specifically so an accidentally committed AWS key is caught and blocked before it ever lands in a repository's permanent history. Which capability does this provide?
Secrets scanning here provides automated, consistent leaked-credential detection at commit time, since every push is scanned regardless of which engineer or repository it comes from, rather than relying on each engineer to catch their own mistake. Relying on each individual engineer to notice and remove a credential from their own diff before pushing, with no automated check backing that up is the alternative this avoids. This behavior is exactly why secrets scanning is favored in this kind of scenario.
3 / 5
In a code review, a dev notices an organization relies entirely on each engineer noticing and removing a credential from their own diff before pushing, with no automated commit scanning in place, instead of running secrets scanning that would catch a leaked AWS key before it lands in history. What does this represent?
This is a missed secrets scanning-opportunity, since secrets scanning would catch the leaked credential automatically at commit time instead of relying entirely on an engineer noticing it themselves. A cache eviction policy is an unrelated concept about discarded cache entries. This pattern is exactly the kind of gap a reviewer flags once the tradeoffs are understood.
4 / 5
An incident report shows an AWS key committed by mistake sat in a public repository's history for two weeks before anyone noticed, racking up unauthorized charges, because there was no automated scanning in place and the organization relied entirely on engineers catching their own mistakes. What practice would prevent this?
Adding automated secrets scanning to every push, so a leaked credential like the AWS key is caught and blocked at commit time instead of relying on an engineer to notice it. Continuing the prior approach regardless of the risk it has already caused is exactly what led to the incident described here. This fix is the standard remedy once the root cause is confirmed.
5 / 5
During a PR review, a teammate asks why the team reaches for secrets scanning instead of relying entirely on manual code review to catch a leaked credential. What is the reasoning?
secrets scanning trades the setup and occasional false-positive tuning of an automated scanner for catching a leaked credential consistently at commit time regardless of who pushed it, while manual code review alone is simpler to set up but depends entirely on a reviewer happening to notice a credential buried in a large diff. This is exactly why secrets scanning is favored when the organization is large enough that relying on every individual engineer to self-catch a mistake is not reliable, while relying entirely on manual code review to catch a leaked credential remains acceptable when the team is tiny and every diff is already reviewed carefully enough that a scanner adds little.
What does the "Secrets Scanning Vocabulary" vocabulary exercise cover?
This exercise tests real IT vocabulary related to secrets scanning vocabulary through 5 multiple-choice questions, each built from realistic workplace sentences rather than abstract definitions.
Is this vocabulary exercise free to use?
Yes. Every exercise on CoderSlingo, including this one, is completely free — no account, sign-up, or payment required.
How many questions does this exercise have?
This exercise has 5 questions. Each one shows a real-world sentence or scenario with multiple-choice options and an explanation once you answer.
What happens after I answer a question?
You'll see immediate feedback showing whether your answer was correct, along with a short explanation of why — then a button to move to the next question, and a full results screen at the end.
Can I retry the exercise if I get questions wrong?
Yes. Once you reach the results screen, click "Try again" to reset your answers and go through the exercise from the start as many times as you like.
Do I need to create an account to take this exercise?
No account is needed. Your answers are scored in your browser during the session — nothing is saved to a server, so you can jump straight in.
Is my progress saved if I leave the page?
No — progress within an exercise resets if you navigate away or reload. Each exercise is short enough to complete in a few minutes in one sitting.
Are these vocabulary exercises connected to other topics?
Yes — browse the full vocabulary exercises hub to find related modules covering adjacent IT topics and roles.
How is this different from reading a glossary or blog article?
Exercises like this one are active recall drills — you have to choose the correct term or phrasing yourself, which builds retention faster than passively reading a definition.
Where can I find more vocabulary exercises?
Browse the full Vocabulary exercises hub for hundreds of modules covering Agile, DevOps, security, databases, architecture, and more — organised by IT role and skill.