
Exam SSCP topic 3 question 56 discussion

Actual exam question from ISC's SSCP
Question #: 56
Topic #: 3

What setup should an administrator use for regularly testing the strength of user passwords?

  • A. A networked workstation so that the live password database can easily be accessed by the cracking program.
  • B. A networked workstation so the password database can easily be copied locally and processed by the cracking program.
  • C. A standalone workstation on which the password database is copied and processed by the cracking program.
  • D. A password-cracking program is unethical; therefore it should not be used.

Suggested Answer: C

Explanation:
Poor password selection is frequently a major security problem for any system. Administrators should obtain and use password-guessing programs frequently to identify those users who have easily guessed passwords.
Because password-cracking programs are very CPU intensive and can slow the system on which they are running, it is a good idea to transfer the encrypted passwords to a standalone (not networked) workstation. Also, by doing the work on a non-networked machine, any results found will not be accessible to anyone who does not have physical access to that system.
Of the four choices presented above, this is the best choice.
However, in real life you would have strong password policies that enforce complexity requirements and do not let users choose a simple or short password that can be easily cracked or guessed. That would be the best choice if it were one of the choices presented.
Another issue with password cracking is privacy. Many password-cracking tools can address this by showing only that a password was cracked, not what the password actually is, which masks the password from the person doing the cracking.
Source: National Security Agency, Systems and Network Attack Center (SNAC), The 60 Minute Network Security Guide, February 2002, page 8.

Comments

RanjithK
9 months, 2 weeks ago
Selected Answer: C
A standalone workstation on which the password database is copied and processed
upvoted 1 times