Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

CompTIA Exam PT0-002 Topic 3 Question 62 Discussion

Actual exam question for CompTIA's PT0-002 exam
Question #: 62
Topic #: 3
[All PT0-002 Questions]

A penetration tester uses Hashcat to crack hashes discovered during a penetration test and obtains the following output:

ad09cd16529b5f5a40a3e15344e57649f4a43a267a97f008af01af803603c4c8 : Summer2023 !!

7945bb2bb08731fc8d57680ffa4aefec91c784d231de029c610b778eda5ef48b:p@ssWord123

ea88ceab69cb2fb8bdcf9ef4df884af219fffbffab473ec13f20326dc6f84d13: Love-You999

Which of the following is the best way to remediate the penetration tester's discovery?

Show Suggested Answer Hide Answer
Suggested Answer: B

The penetration tester's discovery of passwords vulnerable to hash cracking suggests a lack of robust password policies within the organization. Among the options provided, implementing a blocklist of known bad passwords is the most effective immediate remediation. This measure would prevent users from setting passwords that are easily guessable or commonly used, which are susceptible to hash cracking tools like Hashcat.

Requiring passwords to follow complexity rules (Option A) can be helpful, but attackers can still crack complex passwords if they are common or have been exposed in previous breaches. Setting a minimum password length (Option C) is a good practice, but length alone does not ensure a password's strength against hash cracking techniques. Encrypting passwords with a stronger algorithm (Option D) is a valid long-term strategy but would not prevent users from choosing weak passwords that could be easily guessed before hash cracking is even necessary.

Therefore, a blocklist addresses the specific vulnerability exposed by the penetration tester---users setting weak passwords that can be easily cracked. It's also worth noting that the best practice is a combination of strong, enforced password policies, user education, and the use of multi-factor authentication to enhance security further.


Contribute your Thoughts:

Chaya
4 months ago
Haha, 'Summer2023 !!' - that's a new one. I wonder if the 'Love-You999' guy has a thing for significant others and the number 9.
upvoted 0 times
...
Lynelle
4 months ago
Love-You999? Really? I could've guessed that one in my sleep. Definitely need to step up the password game here.
upvoted 0 times
Dorsey
3 months ago
C) Setting the minimum password length to ten characters
upvoted 0 times
...
Merilyn
3 months ago
B) Implementing a blocklist of known bad passwords
upvoted 0 times
...
Taryn
3 months ago
A) Requiring passwords to follow complexity rules
upvoted 0 times
...
Renea
3 months ago
Love-You999? Really? I could've guessed that one in my sleep.
upvoted 0 times
...
...
Earlean
4 months ago
I believe option D would be the most secure solution.
upvoted 0 times
...
Margot
4 months ago
But wouldn't option C also help in this situation?
upvoted 0 times
...
Noelia
4 months ago
I agree with Casie, complex passwords are important.
upvoted 0 times
...
Cassandra
5 months ago
Encrypting the passwords is a good idea, but it won't stop people from using weak ones in the first place. Gotta address the root of the problem here.
upvoted 0 times
...
Britt
5 months ago
Yikes, those passwords are way too simple! Blocklisting known bad passwords is a must. And 10 characters minimum is a good start, but complexity rules would be even better.
upvoted 0 times
Dana
3 months ago
Setting a minimum password length to ten characters is a good idea too.
upvoted 0 times
...
Reuben
3 months ago
I agree, we should definitely blocklist known bad passwords.
upvoted 0 times
...
Judy
4 months ago
Those passwords are terrible!
upvoted 0 times
...
Eveline
4 months ago
Setting a minimum password length to ten characters is a good idea, but we should also require complexity rules.
upvoted 0 times
...
Ruth
4 months ago
I agree, we should definitely blocklist known bad passwords.
upvoted 0 times
...
Lindsey
4 months ago
Those passwords are terrible!
upvoted 0 times
...
...
Casie
5 months ago
I think option A is the best choice.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77