
PT0-001 Question #51: Real Exam Question with Answer & Explanation

The correct answer is A: Mandate all employees take security awareness training. The attack exploited phishing, weak passwords, and a weak VPN cipher suite, requiring training, stronger passwords, and cipher upgrades to remediate all three vectors.

Question

A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over the VPN and easily cracked them using a dictionary attack. Which of the following remediation steps should be recommended? (Select THREE).

Options

  • A. Mandate all employees take security awareness training.
  • B. Implement two-factor authentication for remote access.
  • C. Install an intrusion prevention system.
  • D. Increase password complexity requirements.
  • E. Install a security information event monitoring solution.
  • F. Prevent members of the IT department from interactively logging in as administrators.
  • G. Upgrade the cipher suite used for the VPN solution.

Explanation

The attack exploited phishing, weak passwords, and a weak VPN cipher suite, requiring training, stronger passwords, and cipher upgrades to remediate all three vectors.

Common mistakes.

  • B. Two-factor authentication hardens the login step but does not fix the weak VPN cipher suite that allowed captured hashes to be cracked offline after authentication traffic was intercepted.
  • C. An intrusion prevention system blocks network-level attack signatures but does not remediate the phishing susceptibility or the cryptographic weakness in the VPN authentication mechanism.
  • E. A SIEM solution improves detection and alerting capabilities but does not address the root causes of phishing credential theft or the weak VPN hashing algorithm.
  • F. Restricting IT staff from interactive administrator logins is a privilege management control unrelated to the phishing attack vector and weak VPN cipher suite exploited in this scenario.

Concept tested. VPN security - phishing, password policy, cipher suite hardening

Reference. https://pages.nist.gov/800-63-3/sp800-63b.html
