A security operations center (SOC) discovers a recently deployed router beaconing to a malicious website. Replacing the router fixes the issue. What is the MOST likely cause of the router’s behavior?
A. The network administrator failed to reconfigure the router’s access control list (ACL).
B. The router was damaged during shipping or installed incorrectly.
C. The router was counterfeit and acquired through unauthorized channels.
D. The network administrator failed to update the router’s firmware.
The router was beaconing to a malicious site. This is a sign of rootkit-like malware messing up the newly installed router. This is a tell-tale sign of a counterfeit product.
First time I am guessing and don't have more concrete proof of answer since this is so vague of a scenario.
Answer D) The network administrator failed to update the router’s firmware.
It is highly unlikely that a SOC will buy equipment from unauthorized channels, but they still may get some counterfeit equipment from a trusted seller as they may not know they were counterfeit to begin with.
Ultimately, the admin didn't update the firmware first. (ACL doesn't matter at this level because it can get bypassed by firmware level). If they tried to update it, then they would most likely have noticed a problem.
https://www.technewsworld.com/story/beware-of-counterfeit-network-equipment-86770.html#:~:text=The%20counterfeits
https://www.cisa.gov/sites/default/files/2023-04/apt28-exploits-known-vulnerability-to-carry-out-reconnaissance-and-deploy-malware-on-cisco-routers-uk.pdf
JohnyDal (Highly Voted, 1 year, 9 months ago)
jackdryan (1 year, 6 months ago)
YesPlease (Most Recent, 11 months, 1 week ago)
sausageman (1 year, 8 months ago)