350-701 · Question #234
350-701 Question #234: Real Exam Question with Answer & Explanation
The correct answer is C: weak passwords. This question asks you to identify, from the scenario's list of weaknesses, the specific vulnerability that directly facilitates a brute-force attack.
Question
An organization has two systems in their DMZ that have an unencrypted link between them for communication. The organization does not have a defined password policy and uses several default accounts on the systems. The application used on those systems also has not gone through stringent code reviews. Which vulnerability would help an attacker brute force their way into the systems?
Options
- A. missing encryption
- B. lack of file permission
- C. weak passwords
- D. lack of input validation
Explanation
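This question asks you to identify, from the scenario's list of weaknesses, the specific vulnerability that directly facilitates a brute-force attack. With no defined password policy and several default accounts in use, the systems' passwords are likely to be weak or guessable, which is exactly what a brute-force attack against login credentials relies on.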
Common mistakes.
- A. Missing encryption allows for eavesdropping on data in transit but does not directly aid in brute-forcing login credentials to gain initial access to a system.
- B. Lack of file permissions primarily allows unauthorized access or modification of files after an attacker has already gained access to the system, not for initial brute-force entry.
- D. Lack of input validation makes applications vulnerable to injection attacks or other logic flaws, which is distinct from a brute-force attack on system login credentials.
Concept tested. Brute-force attack susceptibility due to weak passwords