CSCU Password Security and Management 3

Question 1

What is credential stuffing?

Accepted Answer

Using stolen username/password pairs from one breach to try to access other services

Answer

Credential stuffing automates the use of leaked login pairs against other websites, exploiting password reuse across accounts.

Question 2

Which password storage method is considered LEAST secure?

Accepted Answer

Writing in a plain text file on your desktop

Answer

Storing passwords in a plain text file provides no protection whatsoever — anyone with file access can immediately read all credentials.

Question 3

What is the purpose of a 'salt' added to a hashed password?

Accepted Answer

To add a random value that prevents two identical passwords from producing the same hash

Answer

A salt is a random value added to a password before hashing so that identical passwords produce unique hashes, defeating precomputed rainbow table attacks.

Question 4

What should you do before entering your password on a website?

Accepted Answer

Check that the URL uses HTTPS and the domain is correct

Answer

Verifying the HTTPS padlock and the exact domain name protects against phishing and man-in-the-middle attacks before you type sensitive credentials.

Question 5

What is a rainbow table attack?

Accepted Answer

Using precomputed hash values to reverse-lookup hashed passwords quickly

Answer

Rainbow tables are precomputed tables of hash values that allow attackers to quickly look up the plaintext password corresponding to a given hash.

CSCU - Certified Secure Computer User Practice Test

CSCU - Certified Secure Computer User Practice Test

CSCU Password Security and Management 3