A penetration test has demonstrated that domain administrator accounts were vulnerable to pass-the-hash attacks. Which of the following would have been the best strategy to prevent the threat actor from using domain administrator accounts?
A.
Audit each domain administrator account weekly for password compliance.
B.
Implement a privileged access management solution.
C.
Create IDS policies to monitor domain controller access.
D.
Use Group Policy to enforce password expiration.
B. Implement a privileged access management solution.
Explanation:
A privileged access management (PAM) solution minimizes the risk of pass-the-hash attacks by enforcing stricter controls on privileged accounts, such as domain administrators. PAM solutions include features like just-in-time access, session monitoring, credential vaulting, and isolating privileged credentials, ensuring that attackers cannot easily exploit administrative credentials.
Why not the other options?
A. Audit each domain administrator account weekly for password compliance: While auditing is good practice, it does not directly prevent pass-the-hash attacks because the attack uses hashed credentials, not passwords themselves.
C. Create IDS policies to monitor domain controller access: Monitoring is helpful for detection, but it does not prevent the attack. Pass-the-hash attacks exploit credential reuse, which monitoring alone cannot stop.
Privileged access management (PAM) refers to policies, procedures, and technical
controls to prevent compromise of privileged accounts. These controls identify and
document privileged accounts, giving visibility into their use, and managing the
credentials used to access them.
upvoted 2 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Anyio
2 months agoiliecomptia
3 months, 1 week ago