Chapter 6: Practice Exam 2
-
C. The presence of this vulnerability does indicate a misconfiguration on the targeted server, but that is not the most significant concern that Ty should have. Rather, he should be alarmed that the domain security policy does not prevent this configuration and should know that many other systems on the network may be affected. This vulnerability is not an indicator of an active compromise and does not rise to the level of a critical flaw.
-
B. SNMP v1 through v2c all transmit data in the clear. Instead, Chris should move his SNMP monitoring infrastructure to use SNMP v3. Adding complexity requirements helps to prevent brute-force attacks against community strings, while TLS protects against data capture. Using different community strings based on security levels helps to ensure that a single compromised string can’t impact all of the devices on a network.
-
C. This vulnerability has a low severity, but that could be dramatically increased if the...