
312-50V13 Question #601: Real Exam Question with Answer & Explanation

The correct answer is B: Default settings reveal server software type; change these settings.

Submitted by andres_qro · Mar 6, 2026 · Hacking Web Servers

Question

In your cybersecurity class, you are learning about common security risks associated with web servers. One topic that comes up is the risk posed by using default server settings. Why is using default settings on a web server considered a security risk, and what would be the best initial step to mitigate this risk?

Options

  • A. Default settings allow unlimited login attempts; set up account lockout
  • B. Default settings reveal server software type; change these settings
  • C. Default settings cause server malfunctions; simplify the settings
  • D. Default settings enable auto-updates; disable and manually patch

Explanation

Using default settings on a web server is a security risk because the defaults often reveal the server software type and version, which gives attackers targets for known vulnerabilities. Changing these settings mitigates the risk.

Common mistakes.

  • A. While unlimited login attempts are a risk, they are not the primary, universally applicable security risk associated with default server settings in the context of information leakage; default settings mainly relate to configuration, access, and identifiers.
  • C. Default settings are typically designed for basic functionality, not to cause malfunctions, and simplifying settings is not a direct security mitigation for the risks posed by insecure defaults.
  • D. Default settings do not necessarily enable auto-updates as a primary risk; disabling auto-updates can actually increase risk if patches are not applied, and the core issue with defaults is often configuration and information exposure, not update mechanisms.

Concept tested. Web server hardening, default configurations

Reference. https://learn.microsoft.com/en-us/windows-server/security/server-hardening/server-hardening-guidance
