CompTIA Security Plus Mock Test Q425

An online store wants to protect user credentials and credit card information so that customers can store their credit card information and use their card for multiple separate transactions. Which of the following database designs provides the BEST security for the online store?

A. Use encryption for the credential fields and hash the credit card field
B. Encrypt the username and hash the password
C. Hash the credential fields and use encryption for the credit card field
D. Hash both the credential fields and the credit card field


Correct Answer: C
Section: Compliance and Operational Security

Explanation:
Hashing refers to the hash algorithms used in cryptography; hashing is also used to store data, as in hash tables. One main characteristic of a hash algorithm is that it must have few or no collisions: two different inputs should not give the same output. A hash is also one-way, so a stored hash can be checked against a submitted value but cannot be turned back into the original. Thus the credential fields should be hashed, because any one customer will have a unique credit card number/identity, and since customers will use their credit cards for many different transactions, the credit card field should only be encrypted, not hashed.

Incorrect Answers:
A: Encryption should be used on the credit card field because the customers could be making many separate transactions using the same credit card. The credential field should be hashed and not encrypted because any one customer would most likely use one credit card, and not many credit cards, to make purchases at the same online store.
B: Credit card customers would not be using usernames and passwords to make purchases from an online store.
D: Hashing the credit card field will limit the customers to one transaction only and not multiple separate transactions.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 255, 291