manlike.wang 发表于 2022-6-8 19:19:58

security + 的問題,請各位先進,解感?

A company recently experienced an attack in which a malicious actor was able to exfiltrate
data by cracking stolen passwords, using a rainbow table the sensitive dat a. Which of the following
should a security engineer do to prevent such an attack in the future?
A. Use password hashing.
B. Enforce password complexity.
C. Implement password salting.
D. Disable password reuse.
Answer: D

請問各位先進,為何答案不選 B 呢?

whoopy 发表于 2022-6-19 17:47:13

{:6_264:}{:6_264:}因為答案就在題目中...
by cracking stolen passwords....
所以瞜{:6_291:}{:6_291:}
在準備Security+認證嗎....

rp722 发表于 2022-9-29 12:26:04

是选B, 楼主Security+考了吗?

rp722 发表于 2022-9-29 12:26:33

是选B, 楼主Security+考了吗?

Intern 发表于 2022-10-14 12:52:55

答案是D,因為你已經中了rainbow table attack,所以應該關閉密碼重置功能,避免重複造成同一組密碼外洩。

henry110 发表于 2022-10-21 10:59:49

我认为这题应该选C,本体的关键是在密码破解过程中使用了rainbow table,它的作用是穷举所有已知hash来加速本地密码破解。对付rainbow table的方法之一便是给在密码转换为hash前加盐,使其更随机化

Jackhaung 发表于 2024-5-7 16:24:19

感謝樓主!
页: [1]
查看完整版本: security + 的問題,請各位先進,解感?