nerdexam
GIAC

GCIH · Question #671

Which of the following would be exposed to an attacker as a result of a remote employee attempting to connect to company resources without a VPN?

The correct answer is B. The employee's domain credentials. Without a VPN, a remote employee's authentication traffic to company resources traverses the public internet unprotected, exposing domain credentials to interception.

Incident Response & Cyber Kill Chain

Question

Which of the following would be exposed to an attacker as a result of a remote employee attempting to connect to company resources without a VPN?

Options

  • AThe employee's private key
  • BThe employee's domain credentials
  • CThe laptop's private key
  • DThe laptop's encryption password

How the community answered

(52 responses)
  • A
    2% (1)
  • B
    90% (47)
  • C
    2% (1)
  • D
    6% (3)

Why each option

Without a VPN, a remote employee's authentication traffic to company resources traverses the public internet unprotected, exposing domain credentials to interception.

AThe employee's private key

Private keys used for certificates or encryption are stored locally on the device and are never transmitted over the network during standard domain authentication.

BThe employee's domain credentialsCorrect

When a remote employee authenticates to company resources without a VPN, protocols such as NTLM transmit credential material over unencrypted or interceptable channels on the public internet. An attacker positioned to perform a man-in-the-middle attack or passive network sniffing could capture domain credentials or NTLM challenge-response hashes, which can then be relayed or cracked offline to compromise the account.

CThe laptop's private key

The laptop's private key is a locally stored cryptographic asset that is not sent across the network when a user connects to remote company resources.

DThe laptop's encryption password

Disk encryption passwords are used locally to unlock storage volumes at boot and are not transmitted over the network during remote resource authentication.

Concept tested: Domain credential exposure risk without VPN protection

Source: https://learn.microsoft.com/en-us/windows-server/remote/remote-access/vpn/vpn-top

Topics

#VPN security#credential exposure#remote access#authentication

Community Discussion

No community discussion yet for this question.

Full GCIH Practice