nerdexam
GIAC

GCIH · Question #639

A security examiner has been given permission by senior management to conduct a password audit. What should she make sure of after the process?

The correct answer is A. Cracked passwords are removed from the system. After a password audit, all cracked passwords must be immediately removed or reset to remediate the identified vulnerabilities and prevent exploitation.

Incident Response & Cyber Kill Chain

Question

A security examiner has been given permission by senior management to conduct a password audit. What should she make sure of after the process?

Options

  • ACracked passwords are removed from the system
  • BAcceptability rules are defined as the audit happens
  • CUsers can change passwords at their discretion
  • DCracked passwords are stored on the system

How the community answered

(26 responses)
  • A
    96% (25)
  • C
    4% (1)

Why each option

After a password audit, all cracked passwords must be immediately removed or reset to remediate the identified vulnerabilities and prevent exploitation.

ACracked passwords are removed from the systemCorrect

A password audit's value lies in identifying weak credentials that an attacker could also crack; leaving those passwords active after discovery means the vulnerability remains open and the audit accomplished nothing from a risk-reduction standpoint. Once cracked passwords are identified, they must be removed or forced to reset so that the window of exposure is closed before a malicious actor can leverage the same techniques to gain unauthorized access.

BAcceptability rules are defined as the audit happens

Password acceptability rules and audit criteria must be defined and approved before the audit begins, not formulated during the process, to ensure the scope and methodology are authorized and consistent.

CUsers can change passwords at their discretion

Leaving the decision to change passwords entirely to users after weak credentials are discovered does not guarantee timely remediation and keeps the organization exposed for an indefinite period.

DCracked passwords are stored on the system

Retaining cracked passwords on the system creates a secondary security risk by leaving a record of compromised credentials accessible to anyone who gains access to that system.

Concept tested: Password audit post-process remediation steps

Source: https://csrc.nist.gov/publications/detail/sp/800-63b/final

Topics

#password audit#authorized testing#cracked credentials#post-assessment handling

Community Discussion

No community discussion yet for this question.

Full GCIH Practice