Systems that have default configurations are common targets during a pentest. Which of the following is not a default configuration?
A) Setup a webserver that uses a secondary that only invited users will know about
B) Keeping the directory structures the same as installed, for easier maintenance
C) Allowing the sample pages of the webserver to remain so as not to confuse anyone until the real site is built
D) Keeping the default user accounts to make sure access is always available.

Question

Quizplus · Accepted Answer

There are many reasons hosts are used in a production network with default configurations. Lack of training and being distracted by too many projects are common reasons along with not having a configuration standard that is part of an appropriate risk management, incident response, and disaster recovery management program.

Systems That Have Default Configurations Are Common Targets During a Pentest