Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

CompTIA Exam PT0-002 Topic 5 Question 60 Discussion

Actual exam question for CompTIA's PT0-002 exam
Question #: 60
Topic #: 5
[All PT0-002 Questions]

A penetration tester uses Hashcat to crack hashes discovered during a penetration test and obtains the following output:

ad09cd16529b5f5a40a3e15344e57649f4a43a267a97f008af01af803603c4c8 : Summer2023 !!

7945bb2bb08731fc8d57680ffa4aefec91c784d231de029c610b778eda5ef48b:p@ssWord123

ea88ceab69cb2fb8bdcf9ef4df884af219fffbffab473ec13f20326dc6f84d13: Love-You999

Which of the following is the best way to remediate the penetration tester's discovery?

Show Suggested Answer Hide Answer
Suggested Answer: B

The penetration tester's discovery of passwords vulnerable to hash cracking suggests a lack of robust password policies within the organization. Among the options provided, implementing a blocklist of known bad passwords is the most effective immediate remediation. This measure would prevent users from setting passwords that are easily guessable or commonly used, which are susceptible to hash cracking tools like Hashcat.

Requiring passwords to follow complexity rules (Option A) can be helpful, but attackers can still crack complex passwords if they are common or have been exposed in previous breaches. Setting a minimum password length (Option C) is a good practice, but length alone does not ensure a password's strength against hash cracking techniques. Encrypting passwords with a stronger algorithm (Option D) is a valid long-term strategy but would not prevent users from choosing weak passwords that could be easily guessed before hash cracking is even necessary.

Therefore, a blocklist addresses the specific vulnerability exposed by the penetration tester---users setting weak passwords that can be easily cracked. It's also worth noting that the best practice is a combination of strong, enforced password policies, user education, and the use of multi-factor authentication to enhance security further.


Contribute your Thoughts:

Rocco
5 months ago
Ten characters? That's cute. These passwords are so bad, I'd just lock everyone out and start over. B is the only way to go.
upvoted 0 times
...
Elenore
5 months ago
Haha, 'Love-You999'? Seriously? That's just asking to be hacked. B is the obvious choice here.
upvoted 0 times
...
Alton
5 months ago
Requiring complex passwords is a good start, but a blocklist is really the only way to ensure those terrible passwords don't get used. B is the way to go.
upvoted 0 times
Simona
3 months ago
C: Encrypting passwords with a stronger algorithm can add an extra layer of security, but a blocklist is more effective in preventing weak passwords.
upvoted 0 times
...
Tracey
4 months ago
B: Setting a minimum password length is important too, but a blocklist can really help in this situation.
upvoted 0 times
...
Charolette
4 months ago
A: I agree, using a blocklist of known bad passwords is crucial to prevent weak passwords from being used.
upvoted 0 times
...
Ettie
4 months ago
C: Setting the minimum password length to ten characters could also help strengthen security.
upvoted 0 times
...
Dexter
4 months ago
B: I agree, implementing a blocklist of known bad passwords is crucial in this situation.
upvoted 0 times
...
Edison
4 months ago
A: Requiring complex passwords is a good start, but a blocklist is really the only way to ensure those terrible passwords don't get used.
upvoted 0 times
...
...
Man
5 months ago
Encrypting the passwords with a stronger algorithm is a good idea, but it won't stop people from choosing bad passwords in the first place. I'd go with B.
upvoted 0 times
Kasandra
4 months ago
D: Encrypting the passwords with a stronger algorithm
upvoted 0 times
...
Sonia
4 months ago
C: Setting the minimum password length to ten characters
upvoted 0 times
...
Barrett
4 months ago
B: Implementing a blocklist of known bad passwords
upvoted 0 times
...
Rickie
4 months ago
Yeah, that way even if they choose a weak password, it won't be accepted.
upvoted 0 times
...
Thora
5 months ago
I agree, implementing a blocklist of known bad passwords is a good first step.
upvoted 0 times
...
Ben
5 months ago
A: Requiring passwords to follow complexity rules
upvoted 0 times
...
...
Bronwyn
5 months ago
I see your point, Joaquin, but I still think option A is the most practical solution.
upvoted 0 times
...
Joaquin
5 months ago
But wouldn't encrypting with a stronger algorithm be more secure?
upvoted 0 times
...
Irma
6 months ago
Wow, those passwords are so weak! B definitely seems like the best option to prevent these common passwords from being used.
upvoted 0 times
Mitsue
5 months ago
Yeah, it's important to prevent users from using easily guessable passwords.
upvoted 0 times
...
Alexia
5 months ago
I agree, using a blocklist of known bad passwords would definitely help.
upvoted 0 times
...
...
Emeline
6 months ago
I agree with Refugia, complex passwords are important.
upvoted 0 times
...
Refugia
6 months ago
I think option A is the best choice.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77