CompTIA CASP+ (CAS-004) — Question 436
A software development company is implementing a SaaS-based password vault for customers to use. The requirements for the password vault include:
• Vault encryption using a variable block and key size
• Resistance to brute-force attacks
Which of the following should be implemented to meet these requirements? (Choose two.)
Answer options
- A. PBKDF2
- B. RC5
- C. AES
- D. P256
- E. ECDSA
- F. RIPEMD
Correct answer: A, C
Explanation
PBKDF2 is specifically designed for password hashing and provides resistance to brute-force attacks by using a configurable number of iterations, making it suitable for this requirement. AES, as a strong encryption standard, supports variable key sizes and is widely recognized for its security features, thus also meeting the criteria. The other options, while they have their uses, do not adequately address both the encryption variability and brute-force resistance needed for the password vault.