Which term describes a configuration that exposes a large attack surface due to open ports, weak authentication, default credentials, or lack of secure communications?

Prepare for the Information Security Principles and Frameworks Test. Enhance your understanding with detailed questions, hints, and explanations. Ace your exam with confidence!

Multiple Choice

Which term describes a configuration that exposes a large attack surface due to open ports, weak authentication, default credentials, or lack of secure communications?

Explanation:
The idea being tested is how insecure network configurations create a large attack surface. When a network has open ports, weak authentication, default credentials, and a lack of secure communications, there are many entry points for an attacker. Open ports expose services that could be exploited; weak authentication and default credentials are easy to breach; and absent secure communications leave data in transit vulnerable to interception or tampering. Taken together, these signs describe an unsecure network. The other terms don’t fit as well. A threat vector is the route an attacker might take to reach a target, not the overall configuration that increases exposure. Phishing is a social engineering technique, not a network configuration issue. Unsupported systems refer to software that is out of date or no longer maintained, which is risky but doesn’t by itself describe the broad network exposure caused by the described configuration.

The idea being tested is how insecure network configurations create a large attack surface. When a network has open ports, weak authentication, default credentials, and a lack of secure communications, there are many entry points for an attacker. Open ports expose services that could be exploited; weak authentication and default credentials are easy to breach; and absent secure communications leave data in transit vulnerable to interception or tampering. Taken together, these signs describe an unsecure network.

The other terms don’t fit as well. A threat vector is the route an attacker might take to reach a target, not the overall configuration that increases exposure. Phishing is a social engineering technique, not a network configuration issue. Unsupported systems refer to software that is out of date or no longer maintained, which is risky but doesn’t by itself describe the broad network exposure caused by the described configuration.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy