New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GAQM CPEH-001 Exam - Topic 3 Question 113 Discussion

Actual exam question for GAQM's CPEH-001 exam
Question #: 113
Topic #: 3
[All CPEH-001 Questions]

A remote user tries to login to a secure network using Telnet, but accidently types in an invalid user name or password. Which responses would NOT be preferred by an experienced Security Manager? (multiple answer)

Show Suggested Answer Hide Answer
Suggested Answer: A, B

As little information as possible should be given about a failed login attempt. Invalid username or password is not desirable.


by Paulina at Jul 07, 2025, 11:35 AM

Limited Time Offer

25%

Off

Get Premium CPEH-001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Tiffiny
2 months ago
"B is also not great, could confuse users."
upvoted 0 times
...
Eladia
2 months ago
"Totally agree, specific errors are better!"
upvoted 0 times
...
Michell
2 months ago
"C and D are too vague for security."
upvoted 0 times
...
Elvis
3 months ago
"I thought 'Access Denied' was standard?"
upvoted 0 times
...
Kimberely
3 months ago
"Really? I didn't know 'Authentication Failure' was a bad response."
upvoted 0 times
...
Annabelle
3 months ago
I feel like "Authentication Failure" is a safer choice, but I can't remember if it was mentioned as a preferred response in our study materials.
upvoted 0 times
...
Stephanie
3 months ago
"Access Denied" sounds like it could be a preferred response, but I recall a practice question where it was suggested to avoid giving clear reasons for failure.
upvoted 0 times
...
Jani
4 months ago
I think "Invalid Username" and "Invalid Password" might be too specific, but I'm not entirely sure if they are the worst options.
upvoted 0 times
...
Britt
4 months ago
I remember discussing how specific error messages can give away too much information to potential attackers.
upvoted 0 times
...
Sharmaine
4 months ago
This question is testing our understanding of best practices for handling failed login attempts. I'll apply what I've learned in class.
upvoted 0 times
...
Valentin
4 months ago
Okay, I've got a strategy - I'll eliminate the responses that are too specific and focus on the more general, secure options.
upvoted 0 times
...
Micaela
4 months ago
I'm a bit unsure about this one. I'll need to review my notes on secure authentication practices.
upvoted 0 times
...
Shad
5 months ago
I'm pretty confident I know the right answers here. Let me go through the options systematically.
upvoted 0 times
...
Blair
5 months ago
Hmm, this is a tricky one. I'll need to think carefully about the security implications of each response.
upvoted 0 times
...
Eileen
6 months ago
Ooh, tricky one! Gotta love those security managers, always keeping us on our toes. A and B are the clear winners here - let's not make it easy for the bad guys, eh?
upvoted 0 times
...
Nichelle
7 months ago
Ah, the age-old battle between security and user experience. Gotta find that sweet spot, you know? A and B are the way to go, no need to spill the beans.
upvoted 0 times
Maile
5 months ago
B) Invalid Password
upvoted 0 times
...
Erick
5 months ago
A) Invalid Username
upvoted 0 times
...
...
Leota
7 months ago
Haha, this is like a game of password guessing. The more info you give, the easier it is to crack the code. A and B all the way, keep 'em guessing!
upvoted 0 times
Pamela
5 months ago
E) Access Denied
upvoted 0 times
...
In
5 months ago
B) Invalid Password
upvoted 0 times
...
Freeman
6 months ago
A) Invalid Username
upvoted 0 times
...
...
Brittni
7 months ago
I'd go with A and B, keep it simple and vague. No need to give the attacker any clues about what went wrong. Security 101, folks!
upvoted 0 times
Sharita
6 months ago
B) Invalid Password
upvoted 0 times
...
Vallie
6 months ago
A) Invalid Username
upvoted 0 times
...
Sheron
6 months ago
B) Invalid Password
upvoted 0 times
...
Whitney
7 months ago
A) Invalid Username
upvoted 0 times
...
...
Freeman
7 months ago
I think option D) Login Attempt Failed would not be preferred either, as it gives away too much information about the login process.
upvoted 0 times
...
Amos
7 months ago
I agree with Noble. Option C) Authentication Failure would also not be preferred because it discloses too much information to potential attackers.
upvoted 0 times
...
Leslie
8 months ago
Oops, looks like they're trying to hack the system with those invalid login attempts. C, D, and E are way too specific - gotta keep those details under wraps!
upvoted 0 times
Aja
7 months ago
C) Authentication Failure
upvoted 0 times
...
Loren
7 months ago
B) Invalid Password
upvoted 0 times
...
Nicolette
7 months ago
A) Invalid Username
upvoted 0 times
...
...
Noble
8 months ago
I think option A) Invalid Username would not be preferred by an experienced Security Manager because it reveals specific information about the error.
upvoted 0 times
...

Save Cancel