350-701 · Question #234
An organization has two systems in their DMZ that have an unencrypted link between them for communication. The organization does not have a defined password policy and uses several default accounts on
The correct answer is C. weak passwords. This question asks to identify the specific vulnerability that directly facilitates a brute-force attack from the given scenario's list of weaknesses.
Question
An organization has two systems in their DMZ that have an unencrypted link between them for communication. The organization does not have a defined password policy and uses several default accounts on the systems. The application used on those systems also have not gone through stringent code reviews. Which vulnerability would help an attacker brute force their way into the systems?
Exhibit
Options
- Amissing encryption
- Black of file permission
- Cweak passwords
- Dlack of input validation
How the community answered
(48 responses)- A15% (7)
- B6% (3)
- C77% (37)
- D2% (1)
Why each option
This question asks to identify the specific vulnerability that directly facilitates a brute-force attack from the given scenario's list of weaknesses.
Missing encryption allows for eavesdropping on data in transit but does not directly aid in brute-forcing login credentials to gain initial access to a system.
Lack of file permissions primarily allows unauthorized access or modification of files *after* an attacker has already gained access to the system, not for initial brute-force entry.
Brute-force attacks rely on guessing or systematically trying passwords until the correct one is found. The presence of weak passwords, the use of default accounts, and the absence of a defined password policy significantly increase the likelihood of such an attack succeeding by making passwords easier to guess or crack.
Lack of input validation makes applications vulnerable to injection attacks or other logic flaws, which is distinct from a brute-force attack on system login credentials.
Concept tested: Brute-force attack susceptibility due to weak passwords
Source: https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/pin-brute-force-prevention
Topics
Community Discussion
No community discussion yet for this question.
