An auditor observes that a company uses 'Hashing' to store passwords. Why is hashing preferred over encryption for password storage?

Answer options:

Hashing is faster than encryption.

Hashing allows the administrator to recover lost passwords.

Hashing is a one-way function, meaning the original password cannot be retrieved even if the database is compromised.

Hashing uses shorter keys.

How to approach this question

Encryption = Two-way (Lock/Unlock). Hashing = One-way (Blender).

Full Answer

C.Hashing is a one-way function, meaning the original password cannot be retrieved even if the database is compromised.✓ Correct

Hashing is a one-way function, meaning the original password cannot be retrieved even if the database is compromised.

Hashing transforms data into a fixed-size string of characters. It is designed to be one-way, so if a hacker steals the password database, they cannot reverse the hash to find the actual password.

Common mistakes

Thinking hashing allows password recovery.

Question 49 All questions Question 51

Practice the full CPA ISC Practice Exam 4

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...Hard Q02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...Hard Q03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...Hard Q04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...Hard Q05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard

View all 82 questions →