Free CompTIA PenTest+ PT0-002 Practice Question

During a penetration test, you discover that the client's web application is storing user passwords in a database using a hashing algorithm without a salt. You need to report this finding and recommend an appropriate remediation strategy. Which recommendation enhances the security of password storage?

  • Store passwords using reversible AES encryption.

  • Use SHA-256 with a dynamic salt for hashing each user's password.

  • Implement bcrypt with a dynamic salt for hashing each user's password.

  • Convert existing hashes to MD5 with a dynamic salt for added security.

This question's topic:
CompTIA PenTest+ PT0-002 / 
Reporting and Communication
Your Score:

Check or uncheck an objective to set which questions you will receive.