A security analyst is evaluating the security of an online customer banking system. The analyst has a 12-character password for the test account. At the login screen, the analyst is asked to enter the third, eighth, and eleventh characters of the password. Which of the following describes why this request is a security concern? (Choose two.)
Correct Answer: D,E
The request to enter specific characters of the password rather than the full password may be a security measure intended to make it more difficult for an attacker to gain access to the account by guessing the password. However, it also means that a potential attacker only needs to guess or brute-force three characters of the password rather than all 12. In addition, the fact that the system is able to retrieve specific characters of the password suggests that the password is stored in a reversible format, which means that it can be read by anyone who has access to it.