Reveal Solution : YES! Show comments : I'm going to fail.

This is #2 on my list of most ridiculous questions on the test. Keywords... PCL Protocol (this is client-side), Default Driver (client-side), Default Print Settings (printer side), Mostly Likely Risk... All keywords point to answer A. (to me). Their answer... Fact is that most printers have SNMP turned on by default for printer discover/status and community string is set to "public", so no, data is not encrypted. What about the fact it just said the printer is using the default print settings. Anyone can brute-force that attack very easily with known printer username/passwords. SNMP certainly would help to maybe identify the printer manufacture, but the default settings is MOST likely risk.

A is wrong, a client submitting a PCL job (Printer Command Language) is not used to change the printer configuration. I suppose it would be technically possible in some instance by sending a malformed PCL job. SNMP writes can be used. B Submitting a print job does not usually trigger an SNMP response. Even if it did, SNMPv3 would be used to encrypt SNMP data. C Is correct - and attacker performing MITM can capture in transit the PCL data and rebuild the PCL print data and obtain a copy of the print job. An attacker can also perform a variation and spoof the printer and receive it's print jobs. D Technically may be possible, but not easy E is wrong. An attacker can use the PCL protocol to obtain the print job. Nothing related to bypassing host machine firewalls. Reference for answer C https://rootsecurity.nl/2013/12/28/capture-and-re-print-print-jobs-on-you-network/

What is PCL?! It's not mentioned in any of my study materials and isn't on CompTIA's exam objectives

B is the only guaranteed issue, and therefore MOST likely. All the others require outside interference (attacker) to occur, making it less than 100% chance to occur.

Answer: C Reference: http://hacking-printers.net/wiki/index.php/PCL

HA! If default configuration has set-up SNMP to public, then " SNMP data leaving the printer will not be properly encrypted" is MOST LIKELY risk in there. Just because it's happening right after turning on the printer. Other risks also may be fine but we need attacker to engage attack :) .

But print settings are not printer settings; there is nothing in the question actually asking you about THE printer ...

Probably B and C, but I'll stick with B based on following: https://www.sans.org/reading-room/whitepapers/threats/printer-insecurity-issue-1149 Any of those except E seem plausible. These questions often are way too subjective for a logical/concise field of work. Questions simply leave too much to infer...

the question doesn't hint to anything regarding SNMP. PCL protocol is clear text and most likely attack would be to read or modify the print stream. I guess this is one of the questions you can write off in an exam.

They really want you to fail lol

Simple Network Management Protocol is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior

I can't find squat on any of the answers above. Kapersky says this is how to protect your printer. I'll just go with B because nothing i have read can change my mind. Disable any printer settings that involve printing over the Internet. Change your username and password (if your printer uses login credentials); never keep the default values. Close router ports 9100, 515, and 721–731. See your router’s user manual to find out how. Turn off your printer when it’s not in use.

you can inject malicious code into firmware via PCL printing. PCL print stream wound be encrypted, its in clear text, so you could monitor the traffic and see that print stream easily using packet sniffer. SNMP commands v1/v2 are default and set to read/write.. some printers are now only on read for better security.. you can actually reset print config using PCL print code code too.. the easy answer to go for would be C MITM attack can reveal sensitive data, the reason why is because the question talks about the default print driver/settings which wont have encrypt printjob with password/pin print enabled out of the box.. so again u can siff the print stream on the network easily..

To me, C is the correct answer as this is the only answer with a real business risk in the situation of running something unencrypted and on a default config. The other things are just vulnerabilities but not necessarily materializing in a concrete risk as in the answer C

Annoying since SNMP is not mentioned at all

Ridiculous!