ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A start-up is migrating its user authentication service to an Amazon RDS PostgreSQL database. Security policy states that if the database is ever exposed, attackers must not be able to leverage pre-computed rainbow tables to recover user passwords. Which approach BEST satisfies this requirement while keeping implementation effort low?
Store plaintext passwords in a column encrypted with an AWS KMS customer master key (CMK).
Hash all passwords with SHA-512 and a single hard-coded salt embedded in the application.
Save each user password as a separate secret in AWS Secrets Manager to avoid on-disk storage.
Hash each password with SHA-512 and a unique, randomly generated salt stored alongside the hash.
Rainbow table attacks rely on matching pre-computed hashes to stolen hash values. The most effective countermeasure is to combine each plaintext password with a long, cryptographically strong random salt that is unique per user, then hash the result with a secure algorithm such as SHA-512 (or a dedicated password-hash function). A unique salt forces an attacker to regenerate tables for every account individually, making large-scale offline cracking impractical. Using the same salt for every password still allows a single rainbow table to work for all records. Encrypting the column with a KMS-managed key protects data at rest, but it offers no protection once an attacker obtains both the ciphertext and the key, and it does nothing to stop offline password recovery after that point. AWS Secrets Manager is intended for application secrets like API keys; it is not a scalable store for individual end-user passwords and would still require proper hashing and salting.
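The following Python is an added illustration of the explanation above, not code from the exam provider. It stores a per-user random salt alongside the SHA-512 digest (the correct option) and contrasts it with a single hard-coded salt (the weak option); the 16-byte salt size and the hypothetical in-memory user table are assumptions made here.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

SALT_BYTES = 16  # 128-bit random salt per user (size chosen for this example)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.sha512(salt + password.encode("utf-8")).digest()
    return salt, digest


def store_user(db: Dict[str, Dict[str, str]], username: str, password: str) -> None:
    """Persist the salt next to the hash; the salt is not secret, only unique."""
    salt, digest = hash_password(password)
    db[username] = {"salt": salt.hex(), "hash": digest.hex()}


def verify_password(db: Dict[str, Dict[str, str]], username: str, password: str) -> bool:
    """Re-derive the digest with the stored salt and compare in constant time."""
    record = db.get(username)
    if record is None:
        return False
    _, digest = hash_password(password, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


# Weak option for comparison: one static salt shared by every account.
HARDCODED_SALT = b"app-static-salt"  # constructed value for the example


def hash_with_fixed_salt(password: str) -> bytes:
    return hashlib.sha512(HARDCODED_SALT + password.encode("utf-8")).digest()


def same_password_collides(users: Dict[str, Dict[str, str]], a: str, b: str) -> bool:
    """True if two records carry identical digests, i.e. one table lookup hits both."""
    return users[a]["hash"] == users[b]["hash"]


if __name__ == "__main__":
    users: Dict[str, Dict[str, str]] = {}
    store_user(users, "alice", "correct horse battery staple")
    store_user(users, "bob", "correct horse battery staple")
    print("unique salts, shared password collides:", same_password_collides(users, "alice", "bob"))
    print("fixed salt, shared password collides:",
          hash_with_fixed_salt("correct horse battery staple") == hash_with_fixed_salt("correct horse battery staple"))
```

With unique salts, two users who chose the same password get different digests, so a pre-computed table built for one record tells the attacker nothing about the other; with the fixed salt the digests are identical.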
ISC2 Systems Security Certified Practitioner (SSCP)
Cryptography