CompTIA Security+ (SY0-501) — Question 185

An employee uses RDP to connect back to the office network.
If RDP is misconfigured, which of the following security exposures would this lead to?

Answer options

• A. A virus on the administrator's desktop would be able to sniff the administrator's username and password.
• B. Result in an attacker being able to phish the employee's username and password.
• C. A social engineering attack could occur, resulting in the employee's password being extracted.
• D. A man in the middle attack could occur, resulting the employee's username and password being captured.

Correct answer: D

Explanation

The correct answer is D because a man-in-the-middle attack can intercept communications between the employee and the server, allowing an attacker to capture sensitive information like usernames and passwords. The other options describe different types of attacks that do not directly relate to RDP misconfiguration and its implications.