ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
During a security review, an e-commerce company's DevOps team discovers that user passwords are stored as plain SHA-256 hashes without any additional protection. The CISO wants to lower the likelihood that attackers could leverage pre-computed rainbow tables while keeping the existing authentication flow and avoiding major performance penalties. Which action best addresses the CISO's requirement?
Leave the hash implementation unchanged and instead encrypt the entire user credentials table with AES-256 at rest.
Generate a unique, cryptographically secure random salt for every password and concatenate it with the password before applying SHA-256, storing the salt alongside the resulting hash.
Replace SHA-256 with RSA encryption of each password using the site's public key before storing it in the database.
Keep using SHA-256 but run the hash function ten times in succession without adding any salt.
Rainbow tables (and simpler precomputed hash dictionaries) exploit the fact that an unsalted hash function is deterministic: the same password always produces the same digest, so an attacker computes the digest of each candidate password once and reuses that table against every stolen hash, for every user and every site that uses the same scheme. Prepending a unique, cryptographically random salt to each password before hashing makes the stored value depend on a per-user input the attacker did not know in advance; a table would have to be built separately for each salt value, which is computationally impractical for a sufficiently long random salt. The salt does not need to be secret, only unique, so storing it next to the hash is fine. Encrypting the credentials table at rest protects the storage media and backups, not a running application whose database decrypts transparently for any query, and once the hashes are exposed the precomputed table still applies to them. Replacing the hash with RSA encryption is worse: the passwords become recoverable by anyone holding the private key, and with deterministic padding the ciphertexts are just another lookup target. Running SHA-256 ten times without a salt merely changes which function the attacker precomputes; the output is still the same for every user with the same password. Salting each password before hashing is therefore the correct and least disruptive answer. A practitioner would note one caveat: a salted SHA-256 stops precomputation but is still fast enough for GPU-based guessing of weak passwords, so the natural next step is a purpose-built password hashing function such as Argon2id, bcrypt, scrypt, or PBKDF2, which salts internally and adds a tunable work factor.
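The following Python example is added here to illustrate the explanation; it is not part of the original question and does not come from ISC2. It builds a tiny precomputed hash table from a constructed five-word list, shows that the table recovers an unsalted SHA-256 hash with one lookup, and shows that the same table finds nothing against a record salted with 16 bytes from the OS random source. It also includes the PBKDF2 upgrade mentioned as a caveat, using a deliberately slow iteration count; the `salt_hex$digest_hex` record format and the iteration count are choices made for this example, not a standard.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed demo wordlist. A real precomputed table covers billions of
# candidates, but the attack mechanism is exactly the same.
WORDLIST = ["password", "letmein", "Summer2024!", "hunter2", "correcthorse"]

# Iteration count for the PBKDF2 upgrade (assumed value for this example).
PBKDF2_ITERATIONS = 600_000


def unsalted_sha256(password: str) -> str:
    """The weak scheme from the question: SHA-256 of the password alone."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_table(words) -> Dict[str, str]:
    """Precompute digest -> password once; the attacker reuses this against
    every stolen hash because unsalted hashing is deterministic."""
    return {unsalted_sha256(w): w for w in words}


def lookup_unsalted(table: Dict[str, str], stored_hash: str) -> Optional[str]:
    """Rainbow-table style attack: one dictionary lookup per stored hash."""
    return table.get(stored_hash)


def salted_record(password: str, salt: Optional[bytes] = None) -> str:
    """Per-user random salt concatenated with the password before SHA-256.
    Stored as 'salt_hex$digest_hex'; the salt is not secret, only unique."""
    if salt is None:
        salt = secrets.token_bytes(16)  # 16 bytes from the OS CSPRNG
    digest = hashlib.sha256(salt + password.encode("utf-8")).hexdigest()
    return f"{salt.hex()}${digest}"


def verify_salted(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest = record.split("$", 1)
    salt = bytes.fromhex(salt_hex)
    candidate = hashlib.sha256(salt + password.encode("utf-8")).hexdigest()
    return hmac.compare_digest(candidate, digest)


def lookup_salted(table: Dict[str, str], record: str) -> Optional[str]:
    """Same precomputed table run against a salted record. The digest never
    matches because the table was built without this user's salt."""
    return table.get(record.split("$", 1)[1])


def pbkdf2_record(password: str, salt: Optional[bytes] = None) -> str:
    """The practitioner's next step: a slow, salted KDF (PBKDF2-HMAC-SHA256)
    so that each guess costs the attacker PBKDF2_ITERATIONS hash calls."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    ).hex()
    return f"{salt.hex()}${digest}"


def verify_pbkdf2(password: str, record: str) -> bool:
    """Verify a PBKDF2 record with the stored salt, constant-time compare."""
    salt_hex, digest = record.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS
    ).hex()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    table = build_table(WORDLIST)
    print("unsalted:", lookup_unsalted(table, unsalted_sha256("hunter2")))  # hunter2
    rec = salted_record("hunter2")
    print("salted:  ", lookup_salted(table, rec))                           # None
    print("verify:  ", verify_salted("hunter2", rec), verify_salted("x", rec))
```

Two users with the password `hunter2` get different records because each call draws a fresh salt, so an attacker who dumps the table learns nothing about shared passwords either, a side benefit the question does not ask about but that the same change provides.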
Cryptography