Exam SY0-601 topic 1 question 730 discussion

Actual exam question from CompTIA's SY0-601
Question #: 730
Topic #: 1

The local administrator account for a company’s VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have prevented this from happening?

  • A. Using least privilege
  • B. Changing the default password
  • C. Assigning individual user IDs
  • D. Implementing multifactor authentication
Suggested Answer: B

Comments

ProdamGarazh
Highly Voted 1 year, 6 months ago
Selected Answer: B
I'm not sure why everyone ignores an elephant in the room, but B screams to be selected here. If your password is indeed admin123, are you really going to add a second factor instead of creating a complex password first?
upvoted 11 times
david124
1 year, 3 months ago
But who said they're using a default pass? Is it possible I am seeing a different Q than you?
upvoted 14 times
DChilds
Highly Voted 1 year, 6 months ago
Selected Answer: B
Changed my mind after revisiting this question. The local administrator account is configured with the appliance and not AD so MFA cannot be implemented on this account. However, changing the default password of the appliance would prevent this from happening again.
upvoted 7 times
david124
1 year, 3 months ago
"MFA cannot be implemented on this account" says who? What's your source? I just researched it and you're wrong!!
upvoted 1 times
[Removed]
1 year, 3 months ago
simmer down david
upvoted 8 times
MortG7
1 year, 3 months ago
Hey dude...are you here to learn or to fight..calm down ..we are all friends here..no need for the aggressive tone.
upvoted 10 times
insanegrizly
Most Recent 11 months ago
Can securely say it's not option D as this exact question is on 701 and removes option D. For me that leaves only A and B... Going for the simple answer...B
upvoted 2 times
akeemcsfrancis
12 months ago
Selected Answer: D
MFA would prevent an attacker from logging in even if the password was guessed.
upvoted 2 times
ballum
11 months ago
But is that how CompTIA looks at it?
upvoted 1 times
65333d6
1 year ago
Selected Answer: A
Seems to me that the Local Admin Account has no business having access to the remote Management Interface if the Principle of Least Privilege (PoLP) was being enforced/enacted. I could be wrong, but this is how I'm perceiving this scenario.
upvoted 3 times
subaie503
1 year, 2 months ago
https://www.examtopics.com/discussions/comptia/view/47448-exam-sy0-601-topic-1-question-91-discussion/
https://www.examtopics.com/discussions/comptia/view/120988-exam-sy0-601-topic-1-question-634-discussion/
https://www.examtopics.com/discussions/comptia/view/105750-exam-fc0-u61-topic-1-question-150-discussion/
https://www.examtopics.com/discussions/comptia/view/45949-exam-sy0-601-topic-1-question-153-discussion/
CompTIA doesn't say when something has a default password, why do people suddenly expect this now after 700 questions?
upvoted 6 times
slapster
1 year, 2 months ago
Selected Answer: A
This is a question where I am going against the grain. I like answer choice A here (least privilege), however I'm basing it on a conclusion that I'm admittedly not 100% confident on. First, I ask myself the question, should the local admin account credentials work on the remote management interface? This is where I am making my conclusion -- no, it shouldn't. If I analyze it from a security perspective and presume an attacker was the one that logged in, then I can presume that even if the local admin credentials were stolen, they wouldn't be able to interact with the remote management interface if least privilege was employed.
upvoted 3 times
slapster
1 year, 2 months ago
Extending the attacker scenario into the answer choice B, we don't know how the attacker obtained the admin credentials. Even though changing the default password hardens the system, it does nothing to prevent the attacker from accessing the remote management interface IF they were able to steal the more complex password -- that access is still there. That access still remains for MFA implementation as well. Yes, the hardening technique of MFA can mitigate many attacks, however the access still remains if the attacker successfully gains a foothold. If they were able to steal the local admin credentials, who's to say they wouldn't be able to steal an access card? The means of getting the credentials is out of scope, but it is still clear that MFA would not prevent access to the remote management interface like least privilege would.
upvoted 2 times
NNonso
1 year, 3 months ago
I think A: Using least privilege is the correct answer. It ensures that accounts are granted only the minimum level of access required to perform their duties. The local administrator account should not have access to systems or interfaces that are not explicitly required.
upvoted 2 times
StaticK9
1 year, 3 months ago
Selected Answer: B
B - Change default password.
upvoted 2 times
Payu1994
1 year, 3 months ago
Why not C? Just curious. This is because if each user has their own unique ID, it would be easier to track and manage individual user activities. If an unexpected login occurs, it can be quickly identified and addressed. It also discourages the use of shared accounts, which can be a security risk.
upvoted 2 times
6de42b3
1 year, 3 months ago
There is no indication that the admin is using the default password. But even if he was using it, MFA can still help out because without the second factor access will be denied to an unauthorized user. The problem here is that the attacker found a valid password and got access to the VPN device. MFA would have prevented it from happening regardless of what the password is, default or not.
upvoted 3 times
licks0re
1 year, 3 months ago
Selected Answer: D
D-MFA for the win !
upvoted 1 times
whoamyou
1 year, 3 months ago
Selected Answer: A
How I look at this question is: Administrator account for "VPN APPLIANCE" unexpectedly logged into remote "MANAGEMENT INTERFACE", which to me points more to least privilege, because we have an administrator that "unexpectedly" logged in.
upvoted 2 times
brf2017
1 year, 3 months ago
B. Best answer.
D - MFA? No - not normally used for local accounts.
A - Permissions based? No - not a permission-based question.
C - Assigning ind IDs? Sure - good idea - but the question was asking about the password.
upvoted 1 times
dutch001
1 year, 3 months ago
Selected Answer: A
Alright, here's what we know: a local admin account was used to log in. We don't know if it was him or not; if it was him, then he had rights. It also said unexpectedly logged in, so we don't know if it was a default or complex password. It states what would have prevented this; well, if he did not have privileges, then MFA and default password would not make a difference. Just my 2 cents.
upvoted 1 times
Pr0noob
1 year, 3 months ago
Why not A?
upvoted 1 times
david124
1 year, 3 months ago
Selected Answer: D
Dude, I don't understand why some ppl so confidently assume it's a default pass issue??? There is not even a remote mention of that! I also just did some research because some of you drove me crazy and yes, you can enable MFA for local administrative accounts! Why are some people so confident that it's a default pass issue tho?!?!? I am very curious. I need to know if I am starting to hallucinate from doing so many questions or team B are serious lol
upvoted 2 times
subaie503
1 year, 2 months ago
You're saying you solved 703 questions and you don't remember all the previous questions which had "change the default password" as the answer when it wasn't explicitly mentioned inside the question? If it's an option for him to DO, it implies he has a default password.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted