nerdexam
CompTIA

CV0-003 · Question #710

A systems administrator wants to verify the word "qwerty" has not been used as a password on any of the administrative web consoles in a network. Which of the following will achieve this goal?

The correct answer is C. A default and common credentialed scan. Verifying that a specific weak password like 'qwerty' is not in use on administrative web consoles requires a default and common credentialed scan, which actively attempts authentication using known weak passwords.

Security

Question

A systems administrator wants to verify the word "qwerty" has not been used as a password on any of the administrative web consoles in a network. Which of the following will achieve this goal?

Options

  • AA service availability scan
  • BAn agent-based vulnerability scan
  • CA default and common credentialed scan
  • DA network port scan

How the community answered

(52 responses)
  • A
    2% (1)
  • B
    2% (1)
  • C
    90% (47)
  • D
    6% (3)

Why each option

Verifying that a specific weak password like 'qwerty' is not in use on administrative web consoles requires a default and common credentialed scan, which actively attempts authentication using known weak passwords.

AA service availability scan

A service availability scan only determines whether a service is reachable and responding; it does not attempt authentication or evaluate password strength.

BAn agent-based vulnerability scan

An agent-based vulnerability scan uses an installed agent to enumerate software versions and misconfigurations for known CVEs; it does not perform login attempts against web console credential forms.

CA default and common credentialed scanCorrect

A default and common credentialed scan systematically attempts to log in to discovered services and web consoles using a dictionary of well-known weak and default passwords, including entries like 'qwerty', 'password', and 'admin'. This directly validates whether any administrative interface accepts the target password by performing an actual authentication attempt. It is the only scan type listed that tests credential validity rather than just checking reachability or known CVEs.

DA network port scan

A network port scan identifies open ports and infers running services but performs no authentication and cannot detect whether a specific password is accepted by any service.

Concept tested: Default and common credential scanning against admin consoles

Source: https://csrc.nist.gov/publications/detail/sp/800-115/final

Topics

#credentialed scan#password auditing#vulnerability scanning#web console

Community Discussion

No community discussion yet for this question.

Full CV0-003 Practice