Free CompTIA PenTest+ PT0-002 Practice Question

During a penetration test, you discover that the client's web application is storing user passwords in a database using a hashing algorithm without a salt. You need to report this finding and recommend an appropriate remediation strategy. Which recommendation enhances the security of password storage?

Use SHA-256 with a dynamic salt for hashing each user's password.
Convert existing hashes to MD5 with a dynamic salt for added security.
Implement bcrypt with a dynamic salt for hashing each user's password.
Store passwords using reversible AES encryption.

This question's topic:

CompTIA PenTest+ PT0-002 /

Reporting and Communication

SAVE $49

CompTIA PenTest+ Voucher (PT0-002)

$404.00 $355.00

Free CompTIA PenTest+ PT0-002 Practice Question

Answer Description

Ask Bash

What is bcrypt and why is it better than other hashing algorithms?

What is a salt, and how does it enhance password security?

Why is using fast hashing algorithms, like SHA-256 or MD5, unsuitable for password storage?

Free CompTIA PenTest+ PT0-002 Practice Question

Report Issue

Answer Description

Ask Bash

What is bcrypt and why is it better than other hashing algorithms?

What is a salt, and how does it enhance password security?

Why is using fast hashing algorithms, like SHA-256 or MD5, unsuitable for password storage?

Report Issue