GAQM Exam CPEH-001 Topic 2 Question 81 Discussion

Actual exam question for GAQM's CPEH-001 exam

Question #: 81
Topic #: 2

One of your junior administrator is concerned with Windows LM hashes and password cracking. In your discussion with them, which of the following are true statements that you would point out?

Select the best answers.

AJohn the Ripper can be used to crack a variety of passwords, but one limitation is that the output doesn't show if the password is upper or lower case.

BBY using NTLMV1, you have implemented an effective countermeasure to password cracking.

CSYSKEY is an effective countermeasure.

DIf a Windows LM password is 7 characters or less, the hash will be passed with the following characters, in HEX- 00112233445566778899.

EEnforcing Windows complex passwords is an effective countermeasure.
Explanations:
John the Ripper can be used to crack a variety of passwords, but one limitation is that the output doesn't show if the password is upper or lower case. John the Ripper is a very effective password cracker. It can crack passwords for many different types of operating systems. However, one limitation is that the output doesn't show if the password is upper or lower case. BY using NTLMV1, you have implemented an effective countermeasure to password cracking. NTLM Version 2 (NTLMV2) is a good countermeasure to LM password cracking (and therefore a correct answer). To do this, set Windows 9x and NT systems to 'send NTLMv2 responses only'. SYSKEY is an effective countermeasure. It uses 128 bit encryption on the local copy of the Windows SAM. If a Windows LM password is 7 characters or less, the has will be passed with the following characters:
0xAAD3B435B51404EE
Enforcing Windows complex passwords is an effective countermeasure to password cracking. Complex passwords are- greater than 6 characters and have any 3 of the following 4 items: upper case, lower case, special characters, and numbers.

Show Suggested Answer

Suggested Answer: C

The order should be Passive information gathering, Network level discovery, Host scanning and Analysis of host scanning.

by Jesusita at Feb 13, 2024, 12:00 AM

Limited Time Offer

25%

Off

Get Premium CPEH-001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Maryann

1 months ago

Complex passwords, you say? Sounds like a real party trick to keep the hackers at bay. I'll make sure my team knows the drill - upper, lower, numbers, and special chars. Bring it on!

upvoted 0 times

...

2 months ago

SYSKEY, huh? Sounds like a real heavyweight champion in the password protection arena. I'll have to give that a try.

upvoted 0 times

Douglass

2 days ago

Enforcing complex passwords is also important for security.

upvoted 0 times

...

Laura

4 days ago

Yes, it uses 128 bit encryption on the local copy of the Windows SAM.

upvoted 0 times

...

Maurine

6 days ago

SYSKEY is a great tool for password protection.

upvoted 0 times

...

2 months ago

John the Ripper is a beast! But I'm a little bummed the output doesn't show case sensitivity. Guess I'll have to do some extra work to figure that out.

upvoted 0 times

Darrin

21 days ago

User 2

upvoted 0 times

...

Bernardo

27 days ago

User 1

upvoted 0 times

...

Celia

28 days ago

E) Enforcing Windows complex passwords is an effective countermeasure.

upvoted 0 times

...

Farrah

2 months ago

A) John the Ripper can be used to crack a variety of passwords, but one limitation is that the output doesn't show if the password is upper or lower case.

upvoted 0 times

...

Nakisha

2 months ago

I think option A is true because John the Ripper doesn't show if the password is upper or lower case.

upvoted 0 times

...