CV0-003 · Question #710
A systems administrator wants to verify the word "qwerty" has not been used as a password on any of the administrative web consoles in a network. Which of the following will achieve this goal?
The correct answer is C. A default and common credentialed scan. Verifying that a specific weak password like 'qwerty' is not in use on administrative web consoles requires a default and common credentialed scan, which actively attempts authentication using known weak passwords.
Question
A systems administrator wants to verify the word "qwerty" has not been used as a password on any of the administrative web consoles in a network. Which of the following will achieve this goal?
Options
- AA service availability scan
- BAn agent-based vulnerability scan
- CA default and common credentialed scan
- DA network port scan
How the community answered
(52 responses)- A2% (1)
- B2% (1)
- C90% (47)
- D6% (3)
Why each option
Verifying that a specific weak password like 'qwerty' is not in use on administrative web consoles requires a default and common credentialed scan, which actively attempts authentication using known weak passwords.
A service availability scan only determines whether a service is reachable and responding; it does not attempt authentication or evaluate password strength.
An agent-based vulnerability scan uses an installed agent to enumerate software versions and misconfigurations for known CVEs; it does not perform login attempts against web console credential forms.
A default and common credentialed scan systematically attempts to log in to discovered services and web consoles using a dictionary of well-known weak and default passwords, including entries like 'qwerty', 'password', and 'admin'. This directly validates whether any administrative interface accepts the target password by performing an actual authentication attempt. It is the only scan type listed that tests credential validity rather than just checking reachability or known CVEs.
A network port scan identifies open ports and infers running services but performs no authentication and cannot detect whether a specific password is accepted by any service.
Concept tested: Default and common credential scanning against admin consoles
Source: https://csrc.nist.gov/publications/detail/sp/800-115/final
Topics
Community Discussion
No community discussion yet for this question.