Exam N10-008 topic 1 question 379 discussion

A) It has to be the default password. Why cause no matter what changes are made, the attacker would go back an ever it if the password has not been changed.

Most of these are good answers, but HOLY COW! You didn't change the default password!? And you connected it to the internet!?

it is A

ofcourse the default password should be changed, but if we go that road ^^ ya also should have a management vlan and seperate client traffic and so on. changing the default router password won't help when they acces the network trough an open service (port) that isn't used, D is the better answer in this question.

What a horrible question ! I will go for change default password. Should be done first. Otherwise they might be able to change. But considering there is a firewall it would not be easy Disable unused service: again firewall can block access from internet So, attack is happening from the internet to change the DNS servers. With a firewall it is not easy to attack. I have no clue

its A. Thats the very first thing you do on any router. No matter what protocols you disable, your password will always be known if you don't change it.

D is the next best practice. The answer is D according to Chatgpt and my CompTIA review book.

Based on the given scenario, the best practice that should be implemented on the router is D. Disable unneeded network services. DNS poisoning occurs when a non-authorized DNS server is assigned to network clients, which may happen when a router is connected to the internet. In this case, the router may be running unnecessary services that can be exploited to facilitate the DNS poisoning attack. Disabling unneeded network services is a good security practice as it reduces the attack surface of the router and limits the potential vulnerabilities that can be exploited by attackers. This can be done by disabling services that are not required for the router's basic functions or services that are not used by the organization. Changing the default password and activating control plane policing are also good security practices, but they may not directly address the issue of DNS poisoning. Router advertisement guard should not be disabled as it is a security feature that helps prevent rogue router advertisements from being sent to the network.

D. Disable unneeded network services. DNS poisoning occurs when an attacker substitutes a false IP address for a legitimate one in a DNS server's cache. To prevent this type of attack, the router should disable any unneeded network services, including any that might be providing a means for attackers to manipulate the DNS service. By reducing the attack surface, the risk of DNS poisoning attacks can be reduced. Changing the device's default password, disabling router advertisement guard, and activating control plane policing are also important security measures, but they are less relevant to preventing DNS poisoning attacks.

I would choose option C as the correct answer. "Activate control plane policing" is a security measure that can help prevent unauthorized access to the router, including DNS poisoning attacks. This feature allows network administrators to set strict access control policies on the router, including the use of specific DNS servers. By activating control plane policing, the network team can ensure that only authorized DNS servers are allowed to access the router, thereby mitigating the risk of DNS poisoning.

Agree with everyone's reasoning. Answer is "A".

It would've been C if option A hadn't been offered: default password. Every device left with its default password is a huge risk. There are billions of internet devices left with their default passwords and testing a device against its default pass is one of the first things a hacker would do. Thus the answer must be A and not C.

A. C is wrong because The Control Plane Policing feature allows users to configure a quality of service (QoS) filter that manages the traffic flow of control