A database administrator comes across the below records in one of the databases during an
internal audit of the payment system:
UserID    Address            Credit Card No.       Password
jsmith    123 fake street    55XX-XXX-XXXX-1397    Password100
jqdoe     234 fake street    42XX-XXX-XXXX-2027    17DEC12
From a security perspective, which of the following should be the administrator’s GREATEST
concern, and what will correct the concern?
A.
Concern: Passwords are stored in plain text.
Correction: Require a minimum of 8 alphanumeric characters and hash the password.
B.
Concern: User IDs are also usernames, and could be enumerated, thereby disclosing sensitive
account information.
Correction: Require user IDs to be more complex by using alphanumeric characters and hash the
UserIDs.
C.
Concern: User IDs are confidential private information.
Correction: Require encryption of user IDs.
D.
Concern: More than four digits within a credit card number are stored.
Correction: Only store the last four digits of a credit card to protect sensitive financial information.