CompTIA PenTest+ PT0-002 Practice Question
During a penetration test, you discover that the client's web application is storing user passwords in a database using a hashing algorithm without a salt. You need to report this finding and recommend an appropriate remediation strategy. Which recommendation enhances the security of password storage?
Convert existing hashes to MD5 with a dynamic salt for added security.
Implement bcrypt with a dynamic salt for hashing each user's password.
Store passwords using reversible AES encryption.
Use SHA-256 with a dynamic salt for hashing each user's password.