CompTIA Network+ (N10-008) — Question 590

A network administrator is implementing process changes based on recommendations following a recent penetration test. The testers used a method to gain access to the network that involved exploiting a publicly available and fixed remote code execution vulnerability in the VPN appliance. Which of the following should the administrator do to BEST prevent this from happening again?

Answer options

• A. Change default passwords on internet-facing hardware.
• B. Implement robust ACLs with explicit deny-all entries.
• C. Create private VLANs for management plane traffic.
• D. Routinely upgrade all network equipment firmware.

Correct answer: D

Explanation

The correct answer is D, as routinely upgrading firmware ensures that any known vulnerabilities, including remote code execution flaws, are patched. Options A, B, and C, while important security practices, do not directly address the specific vulnerability that was exploited in this scenario.