Medium · 1 mark · Multiple Choice
CPA · Question 67 · Area II: Security
A company stores customer passwords in a database. To protect them, they use a hashing algorithm. Which additional technique should be applied to prevent 'Rainbow Table' attacks?
Answer options:
A. Encrypting the hash.
B. Salting
C. Using MD5.
D. Key rotation.
How to approach this question
Rainbow Tables = Pre-computed lists of hashes. Salt = Randomness that breaks the list.
Full Answer
B. Salting ✓ Correct
Salting involves adding a unique, random string of characters to each password before it is hashed. This means that two users with the same password will have different hashes, making pre-computed rainbow table attacks ineffective.
Common mistakes
Thinking that encryption prevents rainbow table attacks (the question is about hashing, not encryption).