CompTIA Security+ Question H-96

A recent audit has revealed weaknesses in the process of deploying new servers and network devices. Which of the following practices could be used to increase the security posture during deployment? (Select TWO).

A. Deploy a honeypot
B. Disable unnecessary services
C. Change default passwords
D. Implement an application firewall
E. Penetration testing

Answer: B,C

Explanation:
Increasing security posture is akin to getting the appropriate type of risk mitigation for your company. A plan and its implementation are a major part of security posture. When new servers and network devices are being deployed, your most vulnerable points will be unnecessary services that may be running on the servers and the default passwords on the network devices. Thus your plan should be to disable those services that are not needed and to change the default passwords during the deployment of the new servers and network devices.

CompTIA Security+ Question D-22

A security engineer is asked by the company’s development team to recommend the most secure method for password storage.
Which of the following provide the BEST protection against brute forcing stored passwords? (Select TWO).

A. PBKDF2
B. MD5
C. SHA2
D. Bcrypt
E. AES
F. CHAP

Answer: A,D

Explanation:
A: PBKDF2 (Password-Based Key Derivation Function 2) is part of PKCS #5 v. 2.01. It applies some function (like a hash or HMAC) to the password or passphrase along with a salt, repeated for a configurable number of iterations, to produce a derived key.

D: bcrypt is a key derivation function for passwords based on the Blowfish cipher. Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power. The bcrypt function is the default password hash algorithm for BSD and many other systems.
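The two properties the explanation relies on, a per-password salt (defeats precomputed rainbow tables) and an adjustable iteration count (keeps the work factor high as hardware gets faster), can be seen directly with PBKDF2 from the Python standard library. The following is an added example written for this page; it is not code from the study guide or from any library, the storage format `pbkdf2_sha256$<iterations>$<salt>$<key>` is an assumption of this example, and the iteration counts are constructed for illustration rather than being a recommendation.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed policy values for this example: a real deployment tunes the
# iteration count to the hardware and raises it over time.
CURRENT_ITERATIONS = 200_000
SALT_BYTES = 16
SCHEME = "pbkdf2_sha256"  # assumed label for the stored-hash format below


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = CURRENT_ITERATIONS) -> str:
    """Derive a key from the password with PBKDF2-HMAC-SHA256 and return
    a self-describing record: scheme$iterations$salt_hex$key_hex.
    Storing the salt and iteration count beside the key is what lets the
    parameters change later without breaking existing accounts."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per password
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, iterations, dklen=32)
    return f"{SCHEME}${iterations}${salt.hex()}${key.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the derived key with the stored salt and iteration count
    and compare in constant time."""
    try:
        scheme, iterations, salt_hex, key_hex = stored.split("$")
    except ValueError:
        return False
    if scheme != SCHEME:
        return False
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              bytes.fromhex(salt_hex), int(iterations), dklen=32)
    return hmac.compare_digest(key, bytes.fromhex(key_hex))


def needs_rehash(stored: str, policy_iterations: int = CURRENT_ITERATIONS) -> bool:
    """The adaptive part: when the policy raises the iteration count, records
    made under the old count are detected here and rehashed on the user's
    next successful login (the plaintext is only available then)."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != SCHEME:
        return True  # unknown or legacy scheme (e.g. plain MD5) must be migrated
    return int(parts[1]) < policy_iterations


def login(password: str, stored: str, policy_iterations: int = CURRENT_ITERATIONS) -> Optional[str]:
    """Return the (possibly upgraded) record on success, None on failure."""
    if not verify_password(password, stored):
        return None
    if needs_rehash(stored, policy_iterations):
        return hash_password(password, iterations=policy_iterations)
    return stored


if __name__ == "__main__":
    # Same password, two salts: two unrelated records, so no shared lookup table.
    a = hash_password("correct horse battery staple")
    b = hash_password("correct horse battery staple")
    print(a != b, verify_password("correct horse battery staple", a))
    # Raising the policy upgrades an old record transparently at login.
    old = hash_password("correct horse battery staple", iterations=10_000)
    print(needs_rehash(old), login("correct horse battery staple", old).startswith(f"{SCHEME}$200000$"))
```

An attacker who steals the table must spend the full iteration count per guess per account, which is the brute-force resistance the question is asking about; a fast unsalted digest such as MD5 or a bare SHA-2 gives none of this. bcrypt offers the same two properties through its cost parameter, with the salt embedded in the hash string rather than in a separate field.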

References: Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 109-110, 139, 143, 250, 255-256, 256

CompTIA A+ Core 2 Question E-22

A residential customer just purchased a new wireless router. During the setup, which of the following should be done to increase the default security of the router?

A. Change the default SSID
B. Change the default password
C. Turn off DHCP services
D. Change the default wireless channel

Correct Answer: B