nerdexam
GIAC

GCIH · Question #763

A security examiner has been given permission by senior management to conduct a password audit. What should the examiner ensure after the process completes?

The correct answer is A. Pot files are removed from cracking systems. After a password audit, pot files storing cracked credentials must be securely deleted from cracking systems to prevent unauthorized access to sensitive plaintext passwords.

Vulnerability Exploitation & Privilege Escalation

Question

A security examiner has been given permission by senior management to conduct a password audit. What should the examiner ensure after the process completes?

Options

  • APot files are removed from cracking systems
  • BAcceptability rules are defined following the audit
  • CUsers can change passwords at their discretion
  • DCracked passwords are stored on a single system

How the community answered

(28 responses)
  • A
    96% (27)
  • B
    4% (1)

Why each option

After a password audit, pot files storing cracked credentials must be securely deleted from cracking systems to prevent unauthorized access to sensitive plaintext passwords.

APot files are removed from cracking systemsCorrect

Password cracking tools such as Hashcat and John the Ripper store cracked hash-to-plaintext mappings in pot files (e.g., hashcat.potfile, john.pot) during an audit. These files accumulate sensitive credential data and must be securely removed upon completion to comply with data handling requirements and ensure cracked passwords cannot be accessed beyond the authorized audit scope.

BAcceptability rules are defined following the audit

Defining password acceptability rules is a policy-level activity that should occur before or independently of the audit, not a post-audit cleanup step for removing cracking artifacts.

CUsers can change passwords at their discretion

Whether users may change passwords at their discretion is a general access control policy decision unrelated to the cleanup of sensitive cracking tool artifacts after an audit.

DCracked passwords are stored on a single system

Consolidating cracked passwords onto a single system still leaves sensitive credential data exposed and at risk; the correct post-audit action is complete removal of cracked credential artifacts, not centralization.

Concept tested: Post-audit cleanup of password cracking pot files

Topics

#password auditing#credential management#pot files#operational security

Community Discussion

No community discussion yet for this question.

Full GCIH Practice