Friday, July 18, 2014

CISSP Exam Preparation (Question 249)

(249) Which of the following alternatives should NOT be used by law enforcement to gain access to a password?
A. Contacting the developer of the software for information to gain access to the computer or network through a back door
B. Compelling the suspect to provide the password
C. Data manipulation and trial procedures applied to the original version of the system hard disk
D. Using password cracker software
Explanation:
The original disk of a computer involved in a criminal investigation should not be used for any experimental purposes since data may be modified or destroyed. Any operations should be conducted on a copy of the system disk. However, the other answers are the preferred methods of gaining access to a password-protected system.
Interestingly, in answer b, there is legal precedent to order a suspect
to provide the password of a computer that is in the custody of law enforcement.

- Muhammad Idham Azhari

No comments: