CompTIA PenTest+ (PT0-002) — Question 351

A penetration tester accessed a database and viewed all the user information in order to access an application. However, the passwords for the application did not work. Which of the following is most likely the issue in this situation?

Answer options

• A. The application changes passwords often.
• B. The database belongs to another application.
• C. The passwords are hashed.
• D. The database is encrypted.

Correct answer: C

Explanation

The correct answer is C, as passwords are often stored in a hashed format to enhance security, making them unusable in their original form. Option A is incorrect because frequent password changes would not prevent access to the hashed version. Option B is not valid since the database could still contain relevant user information. Option D is incorrect since encryption protects data at rest but does not affect how passwords are stored in the database.