A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over the VPN and easily cracked them using a dictionary attack. Which of the following remediation steps should be recommended? (Select THREE).
A) Mandate all employees take security awareness training.
B) Implement two-factor authentication for remote access.
C) Install an intrusion prevention system.
D) Increase password complexity requirements.
E) Install a security information event monitoring solution.
F) Prevent members of the IT department from interactively logging in as administrators.
G) Upgrade the cipher suite used for the VPN solution.

Question

Quizplus · Accepted Answer

The Answer of A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over the VPN and easily cracked them using a dictionary attack. Which of the following remediation steps should be recommended? (Select THREE).
A) Mandate all employees take security awareness training.
B) Implement two-factor authentication for remote access.
C) Install an intrusion prevention system.
D) Increase password complexity requirements.
E) Install a security information event monitoring solution.
F) Prevent members of the IT department from interactively logging in as administrators.
G) Upgrade the cipher suite used for the VPN solution.

A Penetration Tester Was Able to Retrieve the Initial VPN