DevNet core 350-901 securely store unique usernames and passwords

[kdjulianofr]

There is a requirement to securely store unique usernames and passwords. Given a valid username, it is also required to validate that the password provided is correct.

Which action accomplishes this task?

 

A. Encrypt the username, hash the password, and store these values.

B. Hash the username, hash the password, and store these values.

C. Encrypt the username, encrypt the password, and store these values.

D. Hash the username, encrypt the password, and store these values.

 

Answer: A

 

I go for A:

Explanation:

"Hashing and encryption both provide ways to keep sensitive data safe. However, in almost all circumstances, passwords should be hashed, NOT encrypted."

This is the hidden content, please

• Sign In
• or
• Sign Up

[alainjugu4]

The question is not clear at all. It says "store username and password" - this would imply ability to restore them? If so - encryption should be used on both user and password. However, the second part says "Given a valid username, it is also required to validate that the password provided is correct" - this would somehow mean that the username must be encrypted (to be able to restore the original value), but the password must only be only validated - this means that it suffices to hash it!

For me, the second part explains/details the first sentence therefore the answer is A, which is also best practice. Although all answers are valid ways to keep data secure, answer A) is the answer closest to the request.

[martek]

Thanks!