Exam SY0-701 topic 1 question 150 discussion

idk if it's my ADHD or what but I had to re-read this question like 5 times and I still don't completely understand what they're asking lol

B. Changing the default password

None really, the answer here is likely B, but in this scenario C is the only thing that makes sense as preventive action: A: irrelevant, admin should have access B: This presumes the admin is left with a default password which isnt stated.. the question worded doesn't say anything about misconfiguration, it can't just expect you to assume thats the case C: only preventive action, maybe if localadmin was USER10 , it can prevent the account from being a target. D. not preventive action If answer is B, it should be a different scenario or at least worded differently. nothing to say there was no configuration

I’m sorry but B is possible, but it isn’t the obvious answer. There is no indication that the system’s default password was used or any nefarious activity occurred. Sometimes system administrators use their privileged accounts when their normal accounts will accomplish a specific task: in that case, A would be a better answer.

B. Changing the default password Explanation: Default administrator accounts often come with weak or widely known credentials, making them an easy target for attackers. Changing the default password to a strong, unique one is a fundamental security practice that would have likely prevented unauthorized access. Other Options: A. Using least privilege: This is important but doesn't address the issue if the default password is still in use. C. Assigning individual user IDs: While useful for tracking and accountability, it doesn't prevent unauthorized access if the default admin account remains active. D. Reviewing logs more frequently: Log reviews can help detect incidents but won't prevent them. Changing the default password directly addresses the vulnerability.

Keyword "unexpectedly" and "logged in". if expected it would be with privilege. But not known Somebody could have cracked an easy password. My choice is B

C: By assigning individual user IDs, the company can track who is accessing the remote management interface and hold individuals accountable for their actions. This helps prevent unauthorized access and makes it easier to identify potential security threats.

The most likely action that would have prevented the local administrator account from being used unexpectedly to log in to the remote management interface is: B. Changing the default password Here’s why: - Changing the default password: Many VPN appliances come with default usernames and passwords. If these are not changed, anyone with knowledge of the default credentials (which are often easily found online) can gain access to the appliance. Changing the default password to something strong and unique would make it much more difficult for unauthorized users to log in. - A. Using least privilege: While this is a good security practice, it typically refers to ensuring users have only the minimum level of access needed to perform their tasks. In the case of an administrator account being used, the issue is more likely related to the strength of the password rather than inappropriate access rights being assigned.

I will go for C, this will help to track the exact user that logged in

Nowadays, there are not much systems that allow you to log in with a default password. In 2024, the answer should be either A or C. The best option is to disable local admin accounts and assign individual users with least privilege. So C & A is correct

I would choose A

Answer is B. It's the *local* admin account. A and C wouldn't work here because those are talking specifically about non-local accounts. To put it another way, go check your home router - if it's old enough, there's like a 99% chance the default username/password is just admin/admin. It's hard-coded so if you ever physically reset the device then the creds will always default back.

I will select C since its local administrator with default permission and should not be used remotely and best practice to assign individual user for each IT admin should manage this device

I think you need to have separate account for VPN and separate account for management. Option C makes the most sense; Assigning individual user IDs

I'm just want to vote for A, because it seems the most reasonable.

This is why I hate Sec+ questions. It should be assumed that part of assigning individual user accounts would be to disable a shared local admin account. Using shared accounts is bad practice!!

Many devices and applications come with default administrator credentials that are intended to be changed immediately after installation. Failure to change these passwords leaves systems vulnerable to unauthorized access. By changing the default password for the local administrator account, the company would significantly reduce the risk of unauthorized access. Attackers often attempt to use default credentials to gain entry, so ensuring these are changed is a fundamental security practice.