220-1002 Question #43: Real Exam Question with Answer & Explanation
The correct answer is A: Disable guest account.
Question
Options
- A. Disable guest account
- B. Remove admin permissions
- C. Modify AutoRun settings
- D. Change default credentials
- E. Run OS security updates
- F. Install a software firewall
Explanation
The attack had two stages: a USB drive auto-executed code on the servers, and that code (or the attacker) then logged in using common/default credentials. Modifying AutoRun settings (C) prevents programs on USB drives from launching automatically when the drive is inserted, closing the initial execution vector. Disabling the guest account (A) eliminates the easily guessable or blank-password account that was exploited as the 'common login information.' Removing admin permissions (B) does not address default credentials. Changing default credentials (D) is similar to A, but the exam singles out the guest account specifically. OS updates (E) and a software firewall (F) do not directly address either the AutoRun or the default-credential vulnerability.