Exam PT1-002 topic 1 question 9 discussion

You guys are stupid. Let's see my discussion A. is wrong because using complex password is useless if you still rely on basic authentication that the password can be simply revealed by decoding base64 on HTTP traffic. B. is wrong because SSH daemon is already secure. Protocol 2.0 mean this is SSH v2. Moreover, how do you know whether this Cisco version is outdated or not without searchin for internet while examing? remember, CompTIA is vender-neutral not a sponsored by Cisco. C. is also incorrect! if you disable redirect. how the hell the function to redirect http to https will work????? this is essential function for security F. WTF if you eliminate network management and control interfaces, how can you configure and manage the system????????????? C is correct because you should not show the management publicly especially in production. It should have a separate network for management. E. is correct. You should have better method for authentication rather than simple base64 encoding! (Authentication Basic)

Since this all about PenTesting I would go B and D B. Running an old SSH protocol, needs to be upgraded. Upgrading SSH would make the network harder to penetrate - old protocols are vulnerable. D. Out of Band Network for management. Moving the network out of band would make the network management less vulnerable and harder to penetrate. B and D would make the network harder to penetrate. A. is irrelevant. C. is a redirect misconfiguration but doesn't affect how penetrable the network is E. Not enough info to determine this imo F. Eliminating Network Management can't be the solution lol

B. Disable or upgrade SSH daemon: The Nmap scan shows that the SSH service on port 22 is open and running a relatively old version of the Cisco SSH protocol (1.25). It is recommended to disable SSH if it is not required or upgrade to a more secure and up-to-date version. This helps mitigate potential security vulnerabilities associated with older versions of SSH. F. Eliminate network management and control interfaces: The finding that network management interfaces are available on the production network indicates a potential security risk. It is generally recommended to separate network management traffic onto a dedicated out-of-band network, separate from the production network. By creating an out-of-band network for management purposes, the risk of unauthorized access or interference with critical network devices can be reduced.

It has to be C&D

I agree with C & D

I'll go with C&D, having management interfaces on production networks is never a good idea.