Posted by: Pdfprep
Post Date: October 30, 2020
A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over the VPN and easily cracked them using a dictionary attack.
Which of the following remediation steps should be recommended? (Select THREE)
A . Mandate all employees take security awareness training
B . Implement two-factor authentication for remote access
C . Install an intrusion prevention system
D . Increase password complexity requirements
E . Install a security information event monitoring solution.
F . Prevent members of the IT department from interactively logging in as administrators
G . Upgrade the cipher suite used for the VPN solution
Answer: A,B,D