C? D seems to specific for a corporate policy. Corporate policies are general in nature, they do not delve in technical specifications. A would seem to be as likely as D.
PenTest+ Practice Tests Book
D. - A company policy (corporate policy) is a documented set of guidelines, formulated after an analysis of all internal and external factors that can affect a firm’s objectives, operations, and plans. It is created by the company’s board of directors. Corporate policy lays down the company’s response to known and knowable situations and circumstances. It also determines the formulation and implementation of strategy and directs and restricts the plans, decisions, and actions of the company’s officers in achievement of its objectives. In this scenario, the corporate policy should be very detailed and specific; hence, the corporate systems must store passwords using the MD5 hashing algorithm.
These answers are hilarious, A says 8 characters 1 of them being alphanumeric, aren't most of them alphanumeric? I guess !@#$%^&A is a good password for them.
B, that's more something for the employee handbook. C is just vague enough to be a company wide directive.
D store passwords in MD5? "Johnson, get that BCrypt out of here! We need those passwords super easy to crack", if the board of directors is writing this policy maybe that answer does make sense. LOL
In case it wasn't clear, C seems most likely. The corporate policy needs to cover all the users in the org. So if the guy in the mail room needs to make an account on a company resource, he doesn't have any control of the encryption type but he can decide to use a good password with complexity. If he uses his work email as username to create an account elsewhere for work matters, he should use a good and unique password there as well, to prevent a password re-use issue in case the 3rd party gets breached. Requiring a specific password policy might not be in his or the company's control.
My opinion is that although A initially seems correct, this would be more applicable to a USER policy, such as an AUP. Since the terminology "corporate" is somewhat vague, the answer is likely D. The fact of MD5 hashes being insecure or not is moot, since corporations regularly make stupid decisions as a matter of policy.
WHICH IS THE ONLY ANSWER THAT WILL NOT GIVE A HACKER MORE INFORMATION THAN HE SHOULD BE GIVEN...EVERYONE KNOWS MD5 IS INSECURE ! QUESTION IS NOT ABOUT THAT...ANSWER IS C...DONT CARE WHAT THAT IGNORANT ASS CYBEX BOOK SAYS... OR ALL THE DUMPS SAY, AS THEY ALL COPY/PASTE EACH OTHER...THINK
While this may be true about the dumps, the dump I have said C is the right answer. My studying is reading this site vs the purchased dump and comparing the answers :) IMO C is correct.
The question isn't whether storing them as MD5 is best practice. The question is "Which is most likely to be found in the company policy". Company policy would set a standard for DAR
If D is true, why isn't A just also true? If corporate policy regarding passwords is "detailed and specific" then can't a password length be part of corporate policy?
I took a look at that book, a few of their answers seems suspect to me. The book claims "In this scenario, the corporate policy should be detailed and specific" but does not explain why this scenario is to be treated as such. Technical decisions, such a password length, and encryption method, maybe should be documented, but not in the corporate policy.
Since there can only be one answer, and corporate policies are typically not "detailed and specific" I can only assume that the answer cannot be A or D - they cannot both be right, therefore neither of them can be right.
you have some really great feedback. Have you taken the exam yet? If so, was this practice helpful?
upvoted 1 times
...
...
...
This section is not available anymore. Please use the main Exam Page.PT0-001 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
D1960
Highly Voted 5 years, 2 months agomr_robot
Highly Voted 5 years agoAriel235788
3 years, 6 months agomiabe
Most Recent 2 years, 9 months agoversun
3 years, 10 months agodyers
3 years, 12 months agodyers
3 years, 12 months agowillingness
4 years, 1 month agowho__cares123456789___
4 years, 3 months agoxpigx
4 years, 2 months agoEZPASS
4 years, 4 months agokvm7
4 years, 4 months agoTheThreatGuy
4 years, 3 months agoboblee
4 years, 10 months agosomeguy1393
4 years, 4 months agojon34thna
5 years, 1 month agoD1960
5 years, 1 month agokabwitte
4 years, 9 months ago