[CCCure CISSP] Password question


[CCCure CISSP] Password question

maazsq
Thanks to all who helped with my previous question.

I have another one, need your help please.

Q:  In your organization, you have identified that more than 50% of passwords are weak and have been cracked by your pen-tester. You should:
a) Train employees on pass-phrase construction
b) Roll out a password policy
c) Roll out a password guideline
d) Train employees on strong passwords

Thanks,
Maaz

_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your account visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org

Re: [CCCure CISSP] Password question

Jorge Vega
b) Roll out a password policy


On Sat, Feb 1, 2014 at 9:14 PM, maazsq <[hidden email]> wrote:
Thanks to all who helped with my previous question.

I have another one, need your help please.

Q:  In your organization, you have identified that more than 50% of passwords are weak and have been cracked by your pen-tester. You should:
a) Train employees on pass-phrase construction
b) Roll out a password policy
c) Roll out a password guideline
d) Train employees on strong passwords

Thanks,
Maaz


Re: [CCCure CISSP] Password question

Marouane
In reply to this post by maazsq

a) Train employees on pass-phrase construction
Marouane>> No. Remember, as a CISSP, think of yourself as a risk advisor; you do not train or deploy things.
b) Roll out a password policy
Marouane>> Yes. However, this is a tricky question: you would think that any organization has some sort of password policy in place (regardless of whether it is more strict or not). So, the idea is to review the policy (if it exists) or roll out password policy changes to address the issue of weak passwords in this case.
c) Roll out a password guideline
Marouane>> Policy comes first, then guidelines and procedures come afterwards. If you see something wrong, you don't go directly to guidelines or start implementing procedures ...
d) Train employees on strong passwords
Marouane>> Did I say earlier that as a CISSP you do NOT train anyone?

Good luck

Marouane
