Network Security/ 5.9 Network Device Vulnerabilities Questions with solution 2023

Network Security/ 5.9 Network Device Vulnerabilities Questions with solution 2023 For security, what is the first thing you should do when new hardware and software is turned on for the first time? Change default account names and passwords immediately What are the characteristics of a complex password? typically over 8 characters and a mix of character types (numbers and symbols) along with requirements that the passwords are not words, variations of words or derivatives of the username Why is it important to apply new firmware or patches for devices? Software updates may help fix bugs before they happen What are major risks of hard-coded passwords on devices throughout the enterprise? What are the resources you can use to keep track of existing technology vulnerabilities in an organization? VMDR (Vulnerability Management, Detection, and Response Privilege escalation A software bug or design flaw in an application that allows an attacker to gain access to system resources or additional privileges that aren't typically available examples of privilege escalation: 1. A user accessing a system with a regular user account that is able to access functions reserved for higher-level user accounts (such as administrative features). 2. A user who is able to access content that should only be accessible to a different user. 3. A user who should only have administrative access that can access content that should only be available to a regular user. Backdoor An unprotected and usually lesser known access method or pathway that may allow attackers access to system resources Zero-day vulnerability A software vulnerability that is unknown to the vendor that can be exploited by attackers Common Vulnerabilities and Exposures (CVEs) A repository of vulnerabilities hosed by MITRE Corporation While developing a network application, a programmer adds functionally that allows her to access the running program without authentication so she can capture debugging data. The programmer forgets to remove this functionality prior to finalizing the code and shipping the application. Which type of security weakness does this describe? Backdoor An attacker was able to gain unauthorized access to a mobile phone and install a Trojan horse so that he or she could bypass security controls and reconnect later. Which type of attack is this an example of? Backdoor In an effort to increase the security of your organization, programmers have been informed they can no longer bypass security during development. Which vulnerability are you attempting to prevent? Backdoor Which of the following are characteristics of a complex password? (Select two.) Has a minimum of eight characters Consists of letters, numbers, and symbols An attacker has gained access to the administrator's login credentials. Which type of attack has most likely occurred? Password cracking When setting up a new wireless access point, what is the first configuration change that should be made? Default login You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID card to gain access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer by connecting it to the console port on the router. You've configured the management interface with a username of admin and a password of password. What should you do to increase the security of this device? Use a stronger administrative password. A relatively new employee in the data entry cubical farm was assigned a user account similar to the other data entry employees' accounts. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas. This situation indicates which of the following has occurred? Privilege escalation An attacker has obtained the logon credentials for a regular user on your network. Which type of security threat exists if this user account is used to perform administrative functions? Privilege escalation Travis and Craig are both standard users on the network. Each user has a folder on the network server that only they can access. Recently, Travis has been able to access Craig's folder. This situation indicates which of the following has occurred? Privilege escalation