CAS-003 · Question #703
The correct answer is B: Credentials stored, hashed, and salted on each local machine.
Question
Options
- A. Credentials encrypted in transit and then stored, hashed and salted in a vendor's cloud, where the
- B. Credentials stored, hashed, and salted on each local machine
- C. Credentials encrypted in transit and stored in a vendor's cloud, where the enterprise retains the
- D. Credentials encrypted in transit and stored on an internal network server with backups that are
Explanation
The critical requirement that eliminates most choices is: 'Credentials must remain unknown to the vendor at all times.' Options A and C store credentials in a vendor's cloud, so the vendor's infrastructure handles them; even with encryption in transit, the vendor could potentially access them unless the enterprise holds the decryption keys (C is truncated but likely describes this). Option D stores them on an internal network server, which is closer but involves backup complexity. Option B stores credentials hashed and salted on each local machine, so the vendor never has custody of the credentials at any stage, which fully satisfies the requirement that they remain unknown to the vendor. The tradeoff is that local storage has scalability limitations for large enterprises, but among the given options, B is the only one that categorically prevents vendor access.