A security consultant discovers that an organization is using the PCL protocol to print documents, utilizing the default driver and print settings. Which of the following is the MOST likely risk in this situation?
A. An attacker can access and change the printer configuration.
B. SNMP data leaving the printer will not be properly encrypted.
C. An MITM attack can reveal sensitive information.
D. An attacker can easily inject malicious code into the printer firmware.
E. Attackers can use the PCL protocol to bypass the firewall of client computers.
This is #2 on my list of most ridiculous questions on the test. Keywords... PCL Protocol (this is client-side), Default Driver (client-side), Default Print Settings (printer side), Most Likely Risk... All keywords point to answer A (to me). Their answer... Fact is that most printers have SNMP turned on by default for printer discovery/status and the community string is set to "public", so no, data is not encrypted. What about the fact it just said the printer is using the default print settings? Anyone can brute-force that attack very easily with known printer usernames/passwords. SNMP certainly would help to maybe identify the printer manufacturer, but the default settings are the MOST likely risk.
A is wrong, a client submitting a PCL job (Printer Command Language) is not used to change the printer configuration. I suppose it would be technically possible in some instance by sending a malformed PCL job. SNMP writes can be used.
B Submitting a print job does not usually trigger an SNMP response. Even if it did, SNMPv3 would be used to encrypt SNMP data.
C is correct - an attacker performing MITM can capture the PCL data in transit, rebuild the PCL print data and obtain a copy of the print job. An attacker can also perform a variation and spoof the printer and receive its print jobs.
D Technically may be possible, but not easy.
E is wrong. An attacker can use the PCL protocol to obtain the print job. Nothing related to bypassing host machine firewalls.
Reference for answer C
https://rootsecurity.nl/2013/12/28/capture-and-re-print-print-jobs-on-you-network/
B is the only guaranteed issue, and therefore MOST likely. All the others require outside interference (attacker) to occur, making it less than 100% chance to occur.
HA! If the default configuration has set up SNMP to public, then "SNMP data leaving the printer will not be properly encrypted" is the MOST LIKELY risk in there. Just because it's happening right after turning on the printer. Other risks also may be fine, but we need an attacker to engage in an attack :).
Probably B and C, but I'll stick with B based on the following:
https://www.sans.org/reading-room/whitepapers/threats/printer-insecurity-issue-1149
Any of those except E seem plausible. These questions often are way too subjective for a logical/concise field of work. Questions simply leave too much to infer...
The question doesn't hint at anything regarding SNMP. The PCL protocol is clear text, and the most likely attack would be to read or modify the print stream. I guess this is one of the questions you can write off in an exam.
Simple Network Management Protocol is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior.
I can't find squat on any of the answers above. Kaspersky says this is how to protect your printer.
I'll just go with B because nothing I have read can change my mind.
Disable any printer settings that involve printing over the Internet.
Change your username and password (if your printer uses login credentials); never keep the default values.
Close router ports 9100, 515, and 721–731. See your router’s user manual to find out how.
Turn off your printer when it’s not in use.
You can inject malicious code into firmware via PCL printing. The PCL print stream won't be encrypted, it's in clear text, so you could monitor the traffic and see that print stream easily using a packet sniffer. SNMP commands v1/v2 are default and set to read/write. Some printers are now only on read for better security. You can actually reset the print config using PCL print code too. The easy answer to go for would be C, MITM attack can reveal sensitive data. The reason why is because the question talks about the default print driver/settings, which won't have encrypted print jobs with password/PIN print enabled out of the box. So again, you can sniff the print stream on the network easily.
To me, C is the correct answer, as this is the only answer with a real business risk in the situation of running something unencrypted and on a default config. The other things are just vulnerabilities but not necessarily materializing in a concrete risk as in the answer C.
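
An added example, not part of any comment above: a check a defender could run over reassembled payloads from a capture of their own print traffic (for instance to port 9100) to confirm whether jobs leave the default driver as readable PJL/PCL rather than inside TLS. The function name, the watch list of identity fields and both sample payloads are constructed for illustration.

```python
import re

UEL = b"\x1b%-12345X"   # PJL Universal Exit Language marker that opens a job
PCL_RESET = b"\x1bE"    # PCL printer reset (ESC E), sent at the start of PCL data
PJL_CMD = re.compile(rb"^@PJL[ \t]+(.*?)\r?$", re.MULTILINE)
# Assumed watch list of PJL fields that tend to carry user or document identity.
IDENTITY = re.compile(r"\b(USERNAME|JOBNAME|DOCNAME|HOSTNAME|JOB\s+NAME)\b", re.I)


def audit_payload(payload: bytes) -> dict:
    """Classify one reassembled TCP payload sent to a print port."""
    # A TLS handshake record starts with type 0x16 and major version 0x03.
    if payload[:2] == b"\x16\x03":
        return {"verdict": "tls", "languages": [], "exposed": []}
    commands = [m.group(1).decode("latin-1") for m in PJL_CMD.finditer(payload)]
    languages = []
    if payload.startswith(UEL) or commands:
        languages.append("PJL")
    if PCL_RESET in payload:
        languages.append("PCL")
    # Job header lines that name a user, host or document in the clear.
    exposed = [c for c in commands if IDENTITY.search(c)]
    verdict = "cleartext" if languages else "unknown"
    return {"verdict": verdict, "languages": languages, "exposed": exposed}


# Constructed sample: what a job from a default PCL driver could look like on the wire.
SAMPLE_JOB = (
    UEL + b"@PJL\r\n"
    b'@PJL JOB NAME="payroll-q3.xlsx"\r\n'
    b'@PJL SET USERNAME="alice"\r\n'
    b"@PJL SET COPIES=1\r\n"
    b"@PJL ENTER LANGUAGE=PCL\r\n"
    + PCL_RESET + b"\x1b&l26A" + b"Salary table ...\x0c" + PCL_RESET + UEL
)
# Constructed sample: first bytes of a TLS handshake, as seen when printing over TLS.
SAMPLE_TLS = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"

if __name__ == "__main__":
    for name, data in (("job", SAMPLE_JOB), ("tls", SAMPLE_TLS)):
        print(name, audit_payload(data))
```

A "cleartext" verdict with a non-empty `exposed` list is the condition answer C describes: anyone on the path can read who printed what without touching the printer itself.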