GIAC Certified Incident Handler (GCIH) — Question 153
The incident response team has been working with the various systems teams to find a way to gain root access to systems in the event of an incident. It has been proposed that the systems teams keep copies of all system passwords and crypto keys in sealed envelopes in a safe in the IT director's office. The envelopes are kept updated by the systems teams and access to the envelopes is logged by the IT director. However, the VMware system team is concerned about unqualified handlers having root access to the VMware host servers. What additional qualifier would make this agreement more agreeable to the VMware system team?
Answer options
- A. Agree that only handlers with VMware experience will access the system
- B. Create a password reset disk to be used in case of an incident
- C. Have one member of the incident response team know the password
- D. Call VMware system team for incidents involving their systems to gain access
Correct answer: B
Explanation
The correct answer is B because creating a password reset disk allows for a secure method to regain access without exposing root passwords to unqualified handlers. The other options do not sufficiently address the VMware system team's concerns about unauthorized access and may still allow unqualified personnel to intervene in critical situations.