Which connection string should you add to the .config file?

You use Microsoft Visual Studio 2010 and Microsoft .NET Framework 4 to create an application. The
application connects to a Microsoft SQL Server 2008 database. The application uses a Microsoft
ADO.NET SQL Server managed provider. When a connection fails, the application logs connection
information, including the full connection string. The information is stored as plain text in a .config
file. You need to ensure that the database credentials are secure. Which connection string should
you add to the .config file?

A.
Data Source=myServerAddress; Initial Catalog=myDataBase; Integrated Security=SSPI; Persist
Security Info=true;

B.
Data Source=myServerAddress; Initial Catalog=myDataBase; User Id = myUsername; Password =
myPassword; Persist Security Info=false;

C.
Data Source=myServerAddress; Initial Catalog=myDataBase; Integrated Security=SSPI; Persist
Security Info=false;

D.
Data Source=myServerAddress; Initial Catalog=myDataBase; User Id = myUsername; Password =
myPassword; Persist Security Info=true;

Explanation:

Persist Security Info
Default: ‘false’
When set to false or no (strongly recommended), security-sensitive information, such as the
password, is not returned as part of the connection if the connection is open or has ever been in an
open state. Resetting the connection string resets all connection string values including the
password.
Recognized values are true, false, yes, and no.