Enhance your CompTIA CASP+ exam readiness with our comprehensive quizzes. Sharpen your skills with detailed flashcards and multiple choice questions, each with hints and in-depth explanations. Prepare effectively for this challenging exam!


From a security perspective, what is the primary concern with the database records provided in the audit?

  1. Credit card information is unencrypted.

  2. Passwords are stored in plain text.

  3. User IDs are predictable.

  4. The database lacks proper access controls.

The correct answer is: Passwords are stored in plain text.

From a security perspective, the primary concern with these database records is that passwords are stored in plain text, which poses a significant risk to user security. When passwords are not encrypted and are stored in a readable format, anyone who gains unauthorized access to the database can easily read and exploit them. If the database is compromised, attackers can immediately use the passwords to gain access to user accounts, leading to potential data breaches, identity theft, and other detrimental consequences.

Storing passwords in plain text does not just violate best practices; it also goes against fundamental principles of information security. Secure methodologies recommend hashing and salting passwords, which transforms them into a format that is neither easily readable nor directly usable by attackers. As organizations become more aware of the need for data protection, storing passwords securely is critical to maintaining the confidentiality and integrity of sensitive user information.

Other concerns, while also significant, do not present as immediate a threat as plain-text password storage. Unencrypted credit card information can lead to financial fraud, predictable user IDs can lead to account enumeration attacks, and a lack of proper access controls can allow unauthorized users to access sensitive data, but these issues do not compromise user accounts as directly as exposed plain-text passwords.