Exam SY0-601 topic 1 question 824 discussion

C. Pass the hash attack By resetting the local passwords, the security administrator is changing the hash values of the passwords, which invalidates any previously stolen hashes. This prevents the attacker from using the old hashes to access the system or move laterally across the network. Resetting the local passwords does not protect against password compromise, unless the administrator also ensures that the passwords are stored securely, transmitted over encrypted channels, and protected from phishing or keylogging attacks.

The table is a distractor. Just read the question without the table. Only D makes sense based on what is being asked. The attacker can still take the values from a newly generated table to perform the pass-the-hash attack.

The password change action and storing the password hashes are protecting against password compromise

C. Pass the hash

The values provided in the scenario look like hashed representations of passwords. When a security administrator resets local passwords and stores them in a hashed format, it is likely done to protect against pass-the-hash attacks.

its is local users hashes not passed anywhere

only answer that makes sense

C. Pass-the-hash attacks Pass-the-hash attacks involve an attacker obtaining hashed passwords from a compromised system and then using those hashes to authenticate to other systems on the network. The use of MD5 hashed passwords (as seen in the provided values) can be vulnerable to pass-the-hash attacks because once the hash is obtained, it can potentially be used to authenticate without needing to crack the password itself. By resetting the local passwords and recording new hashed values, the security administrator is likely aiming to mitigate the risk of pass-the-hash attacks by ensuring that even if an attacker obtains hashed passwords, they will be unable to use them for unauthorized access.

D. Password compromise I think they are just resetting the passwords based on time. All of the accounts are admin accounts so I'm assuming they have admins reset their accounts more frequently than other users. In this situation, the fact that the passwords are hashed doesn't matter because there are programs to crack the hash and changing the hash more frequently doesn't make it any easier/harder for the software to crack said hash... Lack of access to the actual hashes makes pass-the-hash attacks harder.

Seems like a password compromise. Admin reset passwords and what we're seeing are simply the new MD5 hashed values

D. Password compromise

Is that a protection against pass hash because the passwords are stored in hash format ? I dont think so.. I would go D.

All values are diff. Probably a passed compromise triggered a reset for everyone

C. Pass the Hash as the recorded values are in hash representation rather than clear text.