CISSP · Question #762
An auditor carrying out a compliance audit requests passwords that are encrypted in the system to verify that the passwords are compliant with policy. Which of the following is the BEST response to th
The correct answer is C. Demonstrate that non-compliant passwords cannot be created in the system.. The best response to the auditor is to demonstrate that the system enforces the password policy and does not allow non-compliant passwords to be created. This way, the auditor can verify the compliance without compromising the confidentiality or integrity of the encrypted passwor
Question
Options
- AProvide the encrypted passwords and analysis tools to the auditor for analysis.
- BAnalyze the encrypted passwords for the auditor and show them the results.
- CDemonstrate that non-compliant passwords cannot be created in the system.
- DDemonstrate that non-compliant passwords cannot be encrypted in the system.
How the community answered
(23 responses)- A17% (4)
- B13% (3)
- C65% (15)
- D4% (1)
Explanation
The best response to the auditor is to demonstrate that the system enforces the password policy and does not allow non-compliant passwords to be created. This way, the auditor can verify the compliance without compromising the confidentiality or integrity of the encrypted passwords. Providing the encrypted passwords and analysis tools to the auditor (A) may expose the passwords to unauthorized access or modification. Analyzing the encrypted passwords for the auditor and showing them the results (B) may not be sufficient to convince the auditor of the compliance, as the results could be manipulated or falsified. Demonstrating that non-compliant passwords cannot be encrypted in the system (D) is not a valid response, as encryption does not depend on the compliance of the passwords.
Topics
Community Discussion
No community discussion yet for this question.