Multiple Choice
A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over the VPN and easily cracked them using a dictionary attack. Which of the following remediation steps should be recommended? (Select THREE).
A) Mandate all employees take security awareness training.
B) Implement two-factor authentication for remote access.
C) Install an intrusion prevention system.
D) Increase password complexity requirements.
E) Install a security information event monitoring solution.
F) Prevent members of the IT department from interactively logging in as administrators.
G) Upgrade the cipher suite used for the VPN solution.
Correct Answer:

Verified