350-401 Question #160: Real Exam Question with Answer & Explanation
The correct answer is D: PBKDF2, BCrypt, and SCrypt.
Question
Which algorithms are used to secure a REST API from brute-force attacks and minimize their impact?
Options
- A. SHA-512 and SHA-384
- B. MD5 algorithm-128 and SHA-384
- C. SHA-1, SHA-256, and SHA-512
- D. PBKDF2, BCrypt, and SCrypt
Explanation
PBKDF2, BCrypt, and SCrypt (Option D) are specifically designed as password hashing and key derivation functions. They protect against brute-force attacks by being computationally expensive and deliberately slow, which makes mass password-cracking attempts impractical. These algorithms incorporate a per-password salt (preventing rainbow table attacks) and a work factor or cost parameter that can be tuned upward to keep resistance as hardware improves.
Options A, B, and C are incorrect because SHA-512, SHA-384, SHA-256, SHA-1, and MD5 are general-purpose cryptographic hash functions designed to be fast. That speed is a liability when protecting passwords, because an attacker can test billions of candidates per second. MD5 and SHA-1 are also considered cryptographically broken for security purposes.
The key distinction is: fast hashes (SHA/MD5) = bad for passwords; slow hashes (PBKDF2/BCrypt/SCrypt) = good for passwords.
🧠 Memory Tip: Think "PBS" - PBKDF2, BCrypt, SCrypt - these are the "Purposely Boring & Slow" algorithms, and that slowness is exactly what protects your API from brute force attacks!
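To make the distinction concrete, here is an added example (not from the exam page) that stores and verifies API credentials with PBKDF2-HMAC-SHA256 from Python's standard library, keeping the salt and work factor in the stored record so the cost can be raised later. The `pbkdf2_sha256$<iterations>$<salt>$<hash>` record layout and the `needs_rehash` policy check are assumptions of this example, and the unsalted `fast_hash` shows the weakness of options A, B and C.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

ALGO = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000  # work factor; raise it as hardware gets faster


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record (assumed layout): algo$iters$salt$digest."""
    salt = salt if salt is not None else os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "$".join([ALGO, str(iterations),
                     base64.b64encode(salt).decode(),
                     base64.b64encode(digest).decode()])


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_b64, digest_b64 = record.split("$")
    if algo != ALGO:
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, min_iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True when the stored work factor is below current policy (tune upward over time)."""
    return int(record.split("$")[1]) < min_iterations


def fast_hash(password: str) -> str:
    """Unsalted SHA-256: fast and salt-free, the wrong choice for passwords (options A-C)."""
    return hashlib.sha256(password.encode()).hexdigest()


if __name__ == "__main__":
    pw = "correct horse battery staple"          # constructed sample password
    r1, r2 = hash_password(pw), hash_password(pw)
    print(fast_hash(pw) == fast_hash(pw))         # True: same digest for every user, rainbow-table friendly
    print(r1 != r2)                               # True: distinct salts give distinct records
    print(verify_password(pw, r1), verify_password("wrong", r1))  # True False
```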