GIAC Certified Incident Handler (GCIH) — Question 62
A security examiner has been given permission by senior management to conduct a password audit. What should the examiner ensure after the process completes?
Answer options
- A. Pot files are removed from cracking systems
- B. Acceptability rules are defined following the audit
- C. Users can change passwords at their discretion
- D. Cracked passwords are stored on a single system
Correct answer: D
Explanation
The correct answer is D because storing cracked passwords on a single system makes this sensitive information easier to manage and secure. Option A is incorrect because removing pot files may not be necessary if they are managed properly. Option B is misleading because acceptability rules should ideally be defined before the audit, to guide the process. Option C is not relevant to the conclusion of the audit, since letting users change passwords at their discretion is typically standard practice.