You are the network administrator for a small bank in Dallas, Texas. To ensure network security,
you enact a security policy that requires all users to have 14 character passwords. After giving
your users 2 weeks notice, you change the Group Policy to force 14 character passwords. A week
later you dump the SAM database from the standalone server and run a password-cracking tool
against it. Over 99% of the passwords are broken within an hour. Why were these passwords
cracked so quickly?

A.
Networks using Active Directory never use SAM databases so the SAM database pulled was
empty

B.
Passwords of 14 characters or less are broken up into two 7-character hashes

C.
The passwords that were cracked are local accounts on the Domain Controller

D.
A password Group Policy change takes at least 3 weeks to completely replicate throughout a
network