Which statement about cryptography for credentials is correct?


Multiple Choice

Which statement about cryptography for credentials is correct?

Explanation:

The idea being tested is that credentials must be protected with strong cryptography both when they are moved across networks and when they are stored. In practice, this means using secure protocols to protect data in transit (for example, TLS to prevent eavesdropping and tampering) and applying robust cryptographic protections at rest (such as strong encryption or salted, slow-hash storage for passwords, with proper key management). This dual protection helps prevent credentials from being exposed if data is intercepted or stolen.

Storing credentials in plaintext is insecure because nothing protects the data once it is accessed. Requiring weekly changes is a policy detail, not a matter of cryptography, and isn’t the reason credentials should be protected. Saying that credentials are never encrypted directly contradicts the fundamental security principle of safeguarding sensitive information.
