A penetration tester is conducting an internal assessment and discovers a newly deployed database server. The server is configured with the vendor's default administrator credentials and is missing several critical security patches. The rules of engagement (RoE) prioritize system stability and prohibit any actions that could cause unplanned downtime. Which of the following remediation actions should the tester recommend as the most effective initial step?
Immediately deploy all missing critical security patches to the server.
Place the server in a quarantined network segment until the next scheduled maintenance window.
Configure a host-based intrusion detection system (HIDS) to alert on login attempts.
Change the default administrator password to a complex value and disable the account if it is not required.
The most effective initial step is to change the default password and disable the account if possible. This action directly remediates a high-risk vulnerability with minimal to no risk of causing system downtime, adhering to the rules of engagement. While applying patches is also critical, this action carries a risk of service interruption and should be tested and performed during a planned maintenance window, making it a less suitable initial action given the RoE constraints. Placing the server in a quarantined segment is a good compensating control but does not remediate the underlying vulnerability on the host itself. Configuring a host-based intrusion detection system (HIDS) is a detective control; it will only alert on potential breaches rather than preventing them, making it less effective than a direct preventative remediation.