PrepAway - Latest Free Exam Questions & Answers

Which of the following provide the BEST protection agai…

A security engineer is asked by the company’s development team to recommend the most secure method for
password storage.
Which of the following provide the BEST protection against brute forcing stored passwords? (Choose two.)

PrepAway - Latest Free Exam Questions & Answers

A.
PBKDF2

B.
MD5

C.
SHA2

D.
Bcrypt

E.
AES

F.
CHAP

Explanation:
A: PBKDF2 (Password-Based Key Derivation Function 2) is part of PKCS #5 v. 2.01. It applies some function
(like a hash or HMAC) to the password or passphrase along with Salt to produce a derived key.
D: bcrypt is a key derivation function for passwords based on the Blowfish cipher. Besides incorporating a salt
to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be
increased to make it slower, so it remains resistant to brute-force search attacks even with increasing
computation power.
The bcrypt function is the default password hash algorithm for BSD and many other systems.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014,
pp. 109-110, 139, 143, 250, 255-256, 256

PrepAway - Latest Free Exam Questions & Answers

Leave a Reply