The local administrator account for a company’s VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have prevented this from happening?
The local administrator account for a company’s VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have prevented this from happening?
Implementing multifactor authentication would have prevented the unauthorized use of the local administrator account to access the remote management interface. With multifactor authentication, even if an attacker knows or guesses the correct password, they still would need a second form of authentication (such as a one-time code sent to a phone or an authentication app) to gain access. This additional layer of security significantly decreases the likelihood of unauthorized access.
I'm not sure why everyone ignores an elephant in the room, but B screams to be selected here. If your password is indeed admin123, are you really going to add a second factor instead of creating a complex password first?
But who said they're using a default pass? is it possible I am seeing a different Q than you?
Changed my mind after revisiting this question. The local administrator account is configured with the appliance and not AD so MFA cannot be implemented on this account. However, changing the default password of the appliance would prevent this from happening again.
"MFA cannot be implemented on this account" says who? whats your source? I just researched it and you're wrong!!
simmer down david
Hey dude...are you here to learn or to fight..calm down ..we are all friends here..no need for the aggressive tone.
https://www.examtopics.com/discussions/comptia/view/47448-exam-sy0-601-topic-1-question-91-discussion/ https://www.examtopics.com/discussions/comptia/view/120988-exam-sy0-601-topic-1-question-634-discussion/ https://www.examtopics.com/discussions/comptia/view/105750-exam-fc0-u61-topic-1-question-150-discussion/ https://www.examtopics.com/discussions/comptia/view/45949-exam-sy0-601-topic-1-question-153-discussion/ CompTIA doesn't say when a something has a default password, why do people suddenly expect this now after 700 questions?
Seems to me that the Local Admin Account has no business having access to the remote Management Interface if the Principle of Least Privilege (PoLP) was being enforced/enacted. I could be wrong, but this is how I'm perceiving this scenario.
This is a question where I am going against the grain. I like answer choice A here (least privilege), however I'm basing it on a conclusion that I'm admittedly not 100% confident on. First, I ask myself the question, should the local admin account credentials work on the remote management interface? This is where I am making my conclusion -- no, it shouldn't. If I analyze it from a security perspective and presume an attacker was the one that logged in, then I can presume that even if the local admin credentials were stolen, they wouldn't be able to interact with the remote management interface if least privilege was employed.
Extending the attacker scenario into the answer choice B, we don't know how the attacker obtained the admin credentials. Even though changing the default password hardens the system, it does nothing to prevent the attacker from accessing the remote management interface IF they were able to steal the more complex password -- that access is still there. That access still remains for MFA implementation as well. Yes, the hardening technique of MFA can mitigate many attacks, however the access still remains if the attacker successfully gains a foothold. If they were able to steal the local admin credentials, who's to say they wouldn't be able to steal an access card? The means of getting the credentials is out of scope, but it is still clear that MFA would not prevent access to the remote management interface like least privilege would.
There is no indication that the admin is using the default password. But even if he was using it MFA can still help out because without the second factor access will be denied to an unauthorized user. The problem here is that the attacker found a valid password an got access to the VPN device. MFA would have prevent it from happening regardless of what the password is, default or not.
MFA would prevent attacker from logging even if the password was guessed
but is that how comptia looks at it?
I think A: Using least privilege is the correct answer. It ensures that accounts are granted only the minimum level of access required to perform their duties. The local administrator account should not have access to systems or interfaces that are not explicitly required.
B - Change default password.
why not C? just curious. This is because if each user has their own unique ID, it would be easier to track and manage individual user activities. If an unexpected login occurs, it can be quickly identified and addressed. It also discourages the use of shared accounts, which can be a security risk
How i look at this question is: - Administrator account for "VPN APPLIANCE" unexpectedly logged into remote "MANAGEMENT INTERFACE" which to me points more to least privilege. Because we have administrator that "unexpectedly" logged.
Dude, I don't understand why some ppl so confidently assume its a default pass issue??? there is not even a remote mention of that! I also just did some research because some of you drove me crazy and Yes, you can enable MFA for local administrative accounts! why are some people so confident that its a default pass issue tho?!?!? I am very curious. I need to know if I am starting to hallucinate from doing so many questions or team B are serious lol
you're saying you solved 703 questions and you don't remember all the previous questions which had "change the default password" as the answer when it wasn't explicitly mentioned inside the question? If it's an option for him to DO it implies he has a default password
Can securely say it's not option D as this exact question is on 701 and removes option D. For me that leaves only A and B... Going for the simple answer...B
D-MFA for the win !
B. best answer. D - MFA? no - not normally used for local accounts. A - permissions based? no - not permission based question C - Assigning ind ID's? sure - good idea - but the question was asking about the password
Alright hears what we know, A local admin account was used to log in, we dont know if it was him or not, if it was him then he had rights It also said unexpectedly logged in, so we dsnt know if it was a default or complex password It states what would have prevented this, well if he did not have privileges then MFA and default password would not make a diffence Just My 2 cents
Why not a?