An organization wants to limit potential impact to its log-in database in the event of a breach. Which of the following options is the security team most likely to recommend?
When passwords are hashed, the database stores only the hash values instead of the actual passwords. This means that even if the database is breached, the attackers cannot easily obtain the original passwords.
Hashing is a one-way function, meaning it is computationally infeasible to reverse-engineer the original input from the hash. This ensures that password data is secure even if exposed.
Hashing significantly mitigates the risk of credential theft by ensuring that password data remains protected, making it the most effective choice for securing a log-in database against potential breaches.
Hashing is the correct answer because it effectively limits the impact of a database breach by storing only hashed versions of passwords, thereby protecting sensitive credential information. Hashing ensures that even if the log-in database is compromised, the passwords remain secure and difficult for attackers to reverse-engineer.
What about other information that is stored in a login database, like user IDs or emails, security questions and answers, MFA, account status, etc.? Hashing isn't going to protect those. The only thing hashing protects in case of a breach is passwords only. This is why it cannot be the best choice here. Tokenization is the correct answer.
Why not C? What if they do get the data?
Data obfuscation is the process of disguising confidential or sensitive data to protect it from unauthorized access. Data obfuscation tactics can include masking, encryption, tokenization, and data reduction. Data obfuscation is commonly used to protect sensitive data such as payment information, customer data, and health records.
Obfuscation is generally correct, but when it comes to passwords and log-in information, it is best to store it in a non-reversible method.
Therefore, hashing is the best choice out of the options presented.
When a network is breached, segmentation makes other parts of the network safer. However, gaining access to the database by breaking the log-in password will not be of any assistance.
Instead, password hashing makes it more difficult for hackers to crack.
The correct answer is D. This is because, referencing the CompTIA study guide, segmentation is a method of securing data by dividing networks, data, and applications into isolated components to improve sensitive data protection, limit the impact of a breach, and improve network security.
The question is trying to say that the database is already breached. If the attacker is already inside the log-in database, how do you limit their potential damage/impact?
So the correct answer is B - Hashing, so that the attacker couldn't retrieve the actual login credentials, just the random value hashes.
B. Hashing
Use Tokenization for payments and credit cards - the data needs to be retrievable, so you'd replace the sensitive info (your CC numbers) with a non-sensitive token to act as a dummy. If you use Apple/Android Pay, the CC you save on your phone is tokenized so the actual numbers can't be stolen.
Hashing is for log-in databases and such where you need to secure the info.
The answer is Hashing! The key is Log in and hashing is used for Authentication.
During login, the system combines the entered password with the stored hashes. If the result matches the stored hash, the login is successful.
The correct answer is segmentation. From the CompTIA study guide, segmentation is a method of securing data by dividing networks, data, and applications into isolated components to improve sensitive data protection, limit the impact of a breach, and improve network security.
A. Tokenization
Here is why: Tokenization replaces sensitive information with a token that has no meaningful value outside the tokenization system. The original data is stored securely elsewhere. If a database with tokenized data is breached, the sensitive information remains protected. Keep in mind, hashing only protects stored passwords, by converting them into a fixed-size string of characters that is irreversible, but what about all the other data that is also stored in a login database, like usernames or emails, security questions and answers, multi-factor authentication, account status or last login information? Hashing is not going to protect all that.
This is why although hashing is a great choice for securing passwords, it is not the best option considering the context of a login database and hence tokenization is the correct answer!
B. Hashing
Hashing is the most likely recommendation for protecting a log-in database. By hashing passwords, the organization ensures that even if the database is breached, the actual passwords are not exposed in plaintext. Hashing converts passwords into a fixed-size string of characters, which is not reversible, thus protecting user credentials.
Therefore, the correct answer is:
B. Hashing
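The two controls debated in this thread, side by side, as an added example that is not part of any comment above: the password is stored as a salted, one-way hash and checked by recomputation, while the e-mail is replaced by a token that only a separate vault can map back. The `TokenVault` class, the row layout, the iteration count and the sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # PBKDF2 work factor (value assumed for this example)


def hash_password(password: str) -> dict:
    """One-way: only a per-user salt and the derived hash are stored."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify_password(candidate: str, row: dict) -> bool:
    """Login check: re-derive with the stored salt, compare in constant time."""
    salt = bytes.fromhex(row["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest.hex(), row["hash"])


class TokenVault:
    """Hypothetical stand-in for a tokenization service kept outside the login DB."""

    def __init__(self):
        self._mapping = {}

    def tokenize(self, value: str) -> str:
        token = "tok_" + secrets.token_hex(8)  # random, carries no information
        self._mapping[token] = value
        return token

    def detokenize(self, token: str) -> str:
        """Reversible, but only for a caller with access to the vault."""
        return self._mapping[token]


def build_login_row(email: str, password: str, vault: TokenVault) -> dict:
    """What the log-in database holds: a token, a salt and a hash."""
    return {"email_token": vault.tokenize(email), **hash_password(password)}


if __name__ == "__main__":
    vault = TokenVault()
    row = build_login_row("alice@example.test", "correct horse", vault)  # constructed
    print(row)
    print("login ok:", verify_password("correct horse", row))
```
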
SY0-701 Exam Questions
Community vote distribution
A (35%)
C (25%)
B (20%)