Hard · 1 mark · Multiple Choice
CPA · Question 50 · Area II: Security
An auditor observes that a company uses 'Hashing' to store passwords. Why is hashing preferred over encryption for password storage?
Answer options:
A. Hashing is faster than encryption.
B. Hashing allows the administrator to recover lost passwords.
C. Hashing is a one-way function, meaning the original password cannot be retrieved even if the database is compromised.
D. Hashing uses shorter keys.
How to approach this question
Encryption = Two-way (Lock/Unlock). Hashing = One-way (Blender).
Full Answer
C. Hashing is a one-way function, meaning the original password cannot be retrieved even if the database is compromised. ✓ Correct
Hashing transforms data into a fixed-size string of characters. It is designed to be one-way, so if a hacker steals the password database, they cannot reverse the hash to find the actual password.
Common mistakes
Thinking hashing allows password recovery.
Practice the full CPA ISC Practice Exam 4