In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format: .
Which of the following would be the best action for the tester to take NEXT with this information?

A. Create a custom password dictionary as preparation for password spray testing.

B. Recommend using a password manager/vault instead of text files to store passwords securely.

C. Recommend configuring password complexity rules in all the systems and applications.

D. Document the unprotected file repository as a finding in the penetration-testing report.








 

Suggested Answer: D

Community Answer: D



This question is in PT0-002 CompTIA PenTest+ Exam
For getting CompTIA PenTest+ Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by CompTIA. 
Trademarks, certification & product names are used for reference only and belong to CompTIA.
The website does not contain actual questions and answers from CompTIA's Certification Exams.