A Security+ question: could the experts here please clear up my confusion?
A company recently experienced an attack in which a malicious actor was able to exfiltrate data by cracking stolen passwords, using a rainbow table the sensitive data. Which of the following
should a security engineer do to prevent such an attack in the future?
A. Use password hashing.
B. Enforce password complexity.
C. Implement password salting.
D. Disable password reuse.
Answer: D
May I ask everyone, why isn't the answer B?
Because the answer is right there in the question...
by cracking stolen passwords....
So there you go.
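Are you preparing for the Security+ certification?....

The answer is B. OP, have you taken the Security+ exam yet?

The answer is D, because you have already been hit by a rainbow table attack, so you should disable the password reset function to avoid the same password being leaked again.

I think the answer to this question should be C. The key point of this question is that a rainbow table was used in the password cracking process; its purpose is to enumerate all known hashes to speed up local password cracking. One way to counter rainbow tables is to add a salt before the password is converted into a hash, making it more random.

Thanks, OP!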
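The salting reply above, as an added example that is not part of the original thread: a plain lookup dictionary stands in for the rainbow table (a real one compresses the same precomputation with hash chains), and the candidate list, user names and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # assumption: kept low so the demo runs quickly

# Constructed candidate list standing in for the password space a table covers.
CANDIDATES = ["123456", "password", "qwerty", "letmein", "Summer2024!"]


def hash_password(password: str, salt: bytes = b"") -> bytes:
    """PBKDF2-HMAC-SHA256; an empty salt models the unsalted scheme."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def build_table(candidates, salt: bytes = b"") -> dict:
    """Precompute digest -> password once, for one specific salt value."""
    return {hash_password(p, salt): p for p in candidates}


def store_salted(password: str) -> tuple:
    """Return (salt, digest) using a fresh random 16-byte salt per account."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Login check: recompute with the stored salt, compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt), digest)


def demo() -> dict:
    table = build_table(CANDIDATES)  # built once, before any dump is seen
    # Unsalted store: alice and bob share a password, so they share a digest.
    unsalted = {u: hash_password("letmein") for u in ("alice", "bob")}
    # Salted store: same password, but a different salt per account.
    salted = {u: store_salted("letmein") for u in ("alice", "bob")}
    return {
        "unsalted_lookup": table.get(unsalted["alice"]),
        "unsalted_identical": unsalted["alice"] == unsalted["bob"],
        "salted_lookup": table.get(salted["alice"][1]),
        "salted_identical": salted["alice"][1] == salted["bob"][1],
        "login_ok": verify("letmein", *salted["alice"]),
        "login_bad": verify("password", *salted["alice"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The precomputed table resolves the unsalted digest in one lookup and misses every salted one, while login verification still works because the salt is stored next to the digest.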