nerdexam
Cisco

350-701 · Question #234

An organization has two systems in their DMZ that have an unencrypted link between them for communication. The organization does not have a defined password policy and uses several default accounts on

The correct answer is C. weak passwords. This question asks to identify the specific vulnerability that directly facilitates a brute-force attack from the given scenario's list of weaknesses.

Submitted by daniela_cl· Mar 30, 2026

Question

An organization has two systems in their DMZ that have an unencrypted link between them for communication. The organization does not have a defined password policy and uses several default accounts on the systems. The application used on those systems also have not gone through stringent code reviews. Which vulnerability would help an attacker brute force their way into the systems?

Exhibit

350-701 question #234 exhibit

Options

  • Amissing encryption
  • Black of file permission
  • Cweak passwords
  • Dlack of input validation

How the community answered

(48 responses)
  • A
    15% (7)
  • B
    6% (3)
  • C
    77% (37)
  • D
    2% (1)

Why each option

This question asks to identify the specific vulnerability that directly facilitates a brute-force attack from the given scenario's list of weaknesses.

Amissing encryption

Missing encryption allows for eavesdropping on data in transit but does not directly aid in brute-forcing login credentials to gain initial access to a system.

Black of file permission

Lack of file permissions primarily allows unauthorized access or modification of files *after* an attacker has already gained access to the system, not for initial brute-force entry.

Cweak passwordsCorrect

Brute-force attacks rely on guessing or systematically trying passwords until the correct one is found. The presence of weak passwords, the use of default accounts, and the absence of a defined password policy significantly increase the likelihood of such an attack succeeding by making passwords easier to guess or crack.

Dlack of input validation

Lack of input validation makes applications vulnerable to injection attacks or other logic flaws, which is distinct from a brute-force attack on system login credentials.

Concept tested: Brute-force attack susceptibility due to weak passwords

Source: https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/pin-brute-force-prevention

Topics

#Weak passwords#Brute-force attacks#Vulnerability identification#Password policy

Community Discussion

No community discussion yet for this question.

Full 350-701 Practice