CompTIA PenTest+ (PT0-001) — Question 4

A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over the VPN and easily cracked them using a dictionary attack. Which of the following remediation steps should be recommended? (Select
THREE).

Answer options

• A. Mandate all employees take security awareness training.
• B. Implement two-factor authentication for remote access.
• C. Install an intrusion prevention system.
• D. Increase password complexity requirements.
• E. Install a security information event monitoring solution.
• F. Prevent members of the IT department from interactively logging in as administrators.
• G. Upgrade the cipher suite used for the VPN solution.

Correct answer: B, C, G

Explanation

Implementing two-factor authentication (B) adds an extra layer of security, making it harder for attackers to gain access even if credentials are compromised. An intrusion prevention system (C) can help detect and block such attacks in real-time, while upgrading the cipher suite (G) ensures that the encryption used for the VPN is more secure, reducing the risk of successful attacks. The other options, while beneficial, do not directly address the immediate vulnerabilities exploited in this scenario.