The key difference here is an act of a compromise. Use of default credentials is not a compromise, whereas a dictionary attack (which could easily crack default credentials) is a compromise.
The question is
Which of the following compromises Internet-connected devices and makes them vulnerable to becoming part of a botnet
default credentials does compromise internet connected devices.
No? Default credentials imply a vulnerability to dictionary attacks. But unless the device is attacked, it will not be compromised, even with default credentials.
Googling the definition of compromise gives you the following:
* bring into disrepute or danger by indiscreet, foolish, or reckless behavior.
"situations in which his troops could be compromised."
* cause to become vulnerable or function less effectively.
"yo-yo dieting can compromise your immune system."
By that definition, using default credentials would be considered "compromising" a device as such actions (or lack thereof) would make the said device vulnerable to things such as a dictionary attack and, therefore, to becoming part of a botnet.
The two options that compromise Internet-connected devices and make them vulnerable to becoming part of a botnet are:
B. Malware infection
E. Use of default credentials
Malware infection can infiltrate devices, granting unauthorized access to attackers, while the use of default credentials allows easy access for attackers to compromise devices. Both of these methods are commonly employed by cybercriminals to recruit devices into botnets for malicious activities such as Distributed Denial of Service (DDoS) attacks.
i think key words here are "what compromises". if a dictionary attack is successful they have access malware infection also = access. use of default credentials by themselves dont compromise, a threat actor would need to use a dictionary attack to compromise default credentials.
BF
Easier to implement a password change over a login lockout that will probably be triggered by users far more than attacks, and would also have an impact on production. Both have left the system in a state where they could be compromised. MALWARE & DEFAULT PASSWORDS
Compromised Security = The unauthorized disclosure, modification, substitution, or use of sensitive data (e.g., keys, metadata, or other security-related information) or the unauthorized modification of a security-related system, device, or process in order to gain unauthorized access.
https://csrc.nist.gov/glossary/term/compromise#:~:text=The%20unauthorized%20disclosure%2C%20modification%2C%20substitution,order%20to%20gain%20unauthorized%20access.
A malware infection comes from allowing the install of a program you shouldn't have installed & now it's causing problems that were not prepared for by any sort of management.
Dictionary attack is a compromise of security, because you used recognizable words rather than encrypted code.
Compromised Security = The unauthorized disclosure, modification, substitution, or use of sensitive data (e.g., keys, metadata, or other security-related information) or the unauthorized modification of a security-related system, device, or process in order to gain unauthorized access.
https://csrc.nist.gov/glossary/term/compromise#:~:text=The%20unauthorized%20disclosure%2C%20modification%2C%20substitution,order%20to%20gain%20unauthorized%20access.
A malware infection comes from allowing the install of a program you shouldn't have installed & now it's causing problems that were not prepared for by any sort of management.
Dictionary attack is a compromise of security, because you used recognizable words rather than encrypted code.
I was thinking B,C.
B. Malware is the prime reason pc will become a bot zombie.
C. Ip Spoofing. Reflective DNS. Using multiple DNS servers with the victims spoofed IP to create a amplified DoS attack.
A,D,E,F are ways attackers gain access to network/PC and plant malware.
GPT picks B and E:
"The two options that compromise Internet-connected devices and make them vulnerable to becoming part of a botnet are:
(B) Malware infection: Malicious software (malware) can infect devices, giving attackers control over them and potentially using them as part of a botnet for various malicious activities.
(E) Use of default credentials: Many devices come with default usernames and passwords that users might not change. Attackers can exploit this by using default credentials to gain unauthorized access to devices and manipulate them for their purposes.
The other options (A, C, D, F) are security-related concerns but are not directly linked to turning devices into botnet members."
The two options that compromise Internet-connected devices and make them vulnerable to becoming part of a botnet are:
Malware infection
Use of default credentials
Two of the possible causes of Internet-connected devices becoming part of a botnet are malware infection and use of default credentials. Malware infection can happen when users unknowingly install malicious software on their devices that turns them into zombies controlled by a botmaster. Use of default credentials can allow attackers to easily access and compromise devices that have not changed their factory settings.
Amazing question and from an organization that also conducts security certification. I can use a vulnerability in many unique ways to create an attack. Now to dumb down my thinking to the pay-grade of certification question-creators: nope, my mind refuses
All of these attacks can be used to create an attack. I can use de-auth attack and make it connect to my evil-twin AP-SSID and then attack it to make it a botnet. I can use the firmware corruption (which is my real worry with IOT devices) to make it a botnet. I can use IP spoofing and default credentials as well.
We have to guess which part of the internet or book the question creator read that day. Comptia should use some part of the fees to pay these people
B. Malware infection
E. Use of default credentials
Explanation: Malware infection can compromise Internet-connected devices and make them vulnerable to becoming part of a botnet. Use of default credentials can also compromise devices and make them vulnerable to becoming part of a botnet.
The two options that compromise Internet-connected devices and make them vulnerable to becoming part of a botnet are:
B. Malware infection: Malware is a type of software designed to harm or exploit any device that it infects. Malware can be used to gain unauthorized access to a device or network, steal sensitive information, or turn the device into a bot for use in a botnet.
E. Use of default credentials: Many devices come with default login credentials that are well known and can be easily exploited by attackers. If these credentials are not changed, attackers can gain access to the device and install malware or use it as part of a botnet.
Which of the following compromises Internet-connected devices and makes them vulnerable to becoming part of a botnet? Babyzilla is right: Compromises is the key word, so a dictionary atack and a malware would compromise.
This section is not available anymore. Please use the main Exam Page.N10-008 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
tahs
Highly Voted 2 years, 1 month agobabyzilla
Highly Voted 2 years agoNishkurup
1 year, 11 months agoJakub2023
1 year, 7 months ago8choxo
11 months, 4 weeks agostanislaus450
Most Recent 6 months, 3 weeks agoe5c1bb5
8 months, 2 weeks agoInjunJim
10 months, 2 weeks agoMehsotopes
12 months agoMehsotopes
12 months agonextseason
1 year, 1 month agoMitchF
1 year, 2 months agoJuliana1017
1 year, 3 months agoRobV
1 year, 6 months agorabarbar1
1 year, 7 months agofamco
1 year, 7 months agofamco
1 year, 7 months agoI_Know_Everything_KY
1 year agoStellarSteve
1 year, 7 months agofamco
1 year, 7 months ago1amlearninG
1 year, 7 months agoJakeCharles
1 year, 9 months agoVlad_R
1 year, 9 months ago