Certified Information Systems Security Professional (CISSP) — Question 324
A user's credential for an application is stored in a relational database. Which control protects the confidentiality of the credential while it is stored?
Answer options
- A. Use a salted cryptographic hash of the password.
- B. Validate passwords using a stored procedure.
- C. Allow only the application to have access to the password field in order to verify user authentication.
- D. Encrypt the entire database and embed an encryption key in the application.
Correct answer: A
Explanation
A salted cryptographic hash is the correct answer because it is the only option that protects the credential at rest even if the stored value is disclosed. The application never needs the password back, only a way to check a candidate: it stores a one-way hash, and at login it recomputes the hash of the submitted password (with the stored salt) and compares. A per-user random salt ensures that two users with the same password get different stored values and that precomputed lookup tables are useless. In practice the hash should be a deliberately slow password-hashing function (PBKDF2, bcrypt, scrypt or Argon2) rather than a plain fast hash such as SHA-256, so that offline guessing against a leaked table stays expensive.
The other options fall short. B (a stored procedure) describes where verification runs, not how the value is protected; the password is still stored in recoverable form. C (restricting access to the password column) is an access control, which limits who can read the plaintext but does nothing once an attacker, a DBA or a backup copy bypasses that restriction. D encrypts the database but embeds the key in the application, so anyone who obtains the application binary (or its configuration) can decrypt every credential; reversible encryption also leaves the plaintext password exposed to the application itself, which it does not need.
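The following is an added illustration, not part of the original question bank, of what option A looks like in code. It uses only the Python standard library: PBKDF2-HMAC-SHA256 with a 16-byte random salt as the slow, salted password hash, a self-describing storage record so the parameters can be upgraded later, and a constant-time comparison on verification. The record format, the iteration count and the field names are assumptions chosen for this example; a plain unsalted SHA-256 digest is included only to show why the salt matters.

```python
import hashlib
import hmac
import os
from typing import Optional

# Parameters are assumptions for this example. The iteration count follows
# common current guidance for PBKDF2-HMAC-SHA256; raise it as hardware improves.
HASH_NAME = "sha256"
SALT_BYTES = 16
ITERATIONS = 600_000
DERIVED_LEN = 32
ALGO_TAG = f"pbkdf2_{HASH_NAME}"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Derive a salted, slow hash and return a storable record.

    Record layout (assumed for this example):
        pbkdf2_sha256$<iterations>$<salt hex>$<derived key hex>
    Storing the parameters alongside the hash lets verification reproduce
    exactly the same derivation and lets old records be re-hashed on login
    when the iteration count is raised.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)          # fresh random salt per credential
    dk = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"),
                             salt, iterations, DERIVED_LEN)
    return f"{ALGO_TAG}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the derivation with the stored salt and compare in constant time."""
    try:
        algo, iters, salt_hex, hash_hex = stored.split("$")
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False                           # malformed record: fail closed
    if algo != ALGO_TAG or iterations <= 0:
        return False
    candidate = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"),
                                    salt, iterations, len(expected))
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, expected)


def unsalted_digest(password: str) -> str:
    """Plain SHA-256, shown only as the anti-pattern: identical passwords
    produce identical digests, so one cracked entry reveals every user who
    chose that password, and precomputed tables apply directly."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_records_differ(password: str, iterations: int = ITERATIONS) -> bool:
    """Two users with the same password get different stored values."""
    return hash_password(password, iterations=iterations) != \
        hash_password(password, iterations=iterations)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print("stored:", record)
    print("login ok:", verify_password("correct horse battery staple", record))
    print("wrong pw:", verify_password("Correct horse battery staple", record))
    print("unsalted collide:", unsalted_digest("hunter2") == unsalted_digest("hunter2"))
    print("salted differ:", salted_records_differ("hunter2"))
```

Storing the iteration count in the record is what makes later hardening cheap: when a user logs in with a record below the current setting, the application verifies it, then re-hashes and overwrites it with the new parameters. Contrast this with option D, where the key that protects every row sits in the application; here there is no key to steal, only per-user salts that are not secret.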