CompTIA PenTest+ (PT0-002) — Question 142
In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format:. Which of the following would be the best action for the tester to take NEXT with this information?
Answer options
- A. Create a custom password dictionary as preparation for password spray testing.
- B. Recommend using a password manager/vault instead of text files to store passwords securely.
- C. Recommend configuring password complexity rules in all the systems and applications.
- D. Create a TPM-backed sealed storage location within which the unprotected file repository can be reported.
Correct answer: A
Explanation
The correct answer is A. The tester already holds two pieces that fit together: cleartext passwords that follow a recognisable pattern, and a spreadsheet of employee attributes (full names, roles, serial numbers) from which that pattern can be reproduced for all 50 employees. The logical next step in the engagement is to turn this into a custom password dictionary and use it for password spray testing: a small set of high-probability candidates tried against many accounts, paced below the lockout threshold, which shows whether the pattern is in use beyond the accounts already exposed. Options B and C are remediation advice; they belong in the final report, not in the tester's next action with the data. Option D describes no meaningful testing or reporting step; a TPM-backed sealed storage location has nothing to do with an unprotected file repository.
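The following script is an added example of the workflow the explanation describes; it is not part of the exam question or its official material. Because the page does not reproduce the password format from the question, the candidate templates, the employee records and the leaked credentials below are all constructed for the example. It scores each template against the leaked credentials, generates one candidate per employee from the best-fitting template, and lays the candidates out as a lockout-aware spray plan (one guess per account per round, with a pause after every `lockout_threshold - 1` rounds).

```python
"""Custom password dictionary from leaked credentials and employee data,
followed by a lockout-aware password spray plan.

All data below is constructed for this example. The templates are
assumptions: the real pattern comes from inspecting the leaked file.
"""
import csv
import io

# Candidate formats the tester suspects (assumed for the example).
TEMPLATES = {
    "first.last": "{first}.{last}",
    "initial+last+serial": "{first[0]}{last}{serial}",
    "last+serial": "{last}{serial}",
    "role+serial": "{role}{serial}",
}

# Constructed stand-in for the employee spreadsheet.
EMPLOYEES_CSV = """username,first,last,role,serial
asmith,Alice,Smith,Engineer,1042
bjones,Bob,Jones,Analyst,1043
cwu,Carol,Wu,Manager,1044
"""

# Constructed stand-in for the cleartext credentials in the text file.
LEAKED = {"asmith": "ASmith1042", "bjones": "BJones1043"}


def load_employees(csv_text):
    """Parse the spreadsheet export into a list of dicts (one per employee)."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def render(template, employee):
    """Fill a template with one employee's attributes."""
    return template.format(**employee)


def score_templates(employees, leaked):
    """Count how many leaked (username, password) pairs each template reproduces."""
    by_user = {e["username"]: e for e in employees}
    scores = {}
    for name, tpl in TEMPLATES.items():
        scores[name] = sum(
            1 for user, pw in leaked.items()
            if user in by_user and render(tpl, by_user[user]) == pw
        )
    return scores


def best_template(scores):
    """Template name with the most matches (ties resolved by dict order)."""
    return max(scores, key=scores.get)


def build_dictionary(employees, template):
    """One candidate per employee, de-duplicated, in spreadsheet order."""
    candidates = []
    for e in employees:
        c = render(template, e)
        if c not in candidates:
            candidates.append(c)
    return candidates


def spray_plan(usernames, candidates, lockout_threshold, window_minutes):
    """Each round sends exactly one guess to every account.

    At most lockout_threshold - 1 rounds run inside one observation window;
    the next round waits window_minutes so failed-attempt counters reset.
    """
    per_window = max(1, lockout_threshold - 1)
    plan = []
    for i, pw in enumerate(candidates):
        delay = window_minutes if i and i % per_window == 0 else 0
        plan.append({
            "round": i + 1,
            "delay_min": delay,
            "attempts": [(u, pw) for u in usernames],
        })
    return plan


if __name__ == "__main__":
    staff = load_employees(EMPLOYEES_CSV)
    scores = score_templates(staff, LEAKED)
    chosen = best_template(scores)
    wordlist = build_dictionary(staff, TEMPLATES[chosen])
    # Accounts with already-known passwords need no guessing.
    targets = [e["username"] for e in staff if e["username"] not in LEAKED]
    for rnd in spray_plan(targets, wordlist, lockout_threshold=3, window_minutes=30):
        print(rnd)
```

The template scoring is the step that justifies answer A: if a format reproduces the known passwords, the same format applied to the rest of the spreadsheet yields a short, high-probability dictionary rather than a generic wordlist. The spray plan enforces the pacing the rules of engagement will normally require; confirm the real lockout threshold and observation window with the client before running it.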