During a training exercise, a security analyst must determine the vulnerabilities to prioritize. The analyst reviews the following vulnerability scan output:
Which of the following issues should the analyst address first?
A.
Allows anonymous read access to /etc/passwd
B.
Allows anonymous read access via any FTP connection
C.
Microsoft Defender security definition updates disabled
D.
less command allows for escape exploit via terminal
B allows easy remote access without authentication, while A needs some prior access to exploit. Also, modern /etc/passwd is not as critical anymore. It lists user account names and default shells, but the actual password hashes have been moved to /etc/shadow (which is more protected).
Anonymous FTP is still a very serious risk because attackers can directly connect and act remotely, without needing any foothold inside the machine first.
A still has a security layer its in read where the server has no security layer at all. ITs C
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.CS0-003 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
ouflomana
2 days, 12 hours agoSusan4041
2 weeks, 3 days ago