Certified Network Defender (CND) — Question 134

Adam works as a Professional Penetration Tester. A project has been assigned to him to test the vulnerabilities of the CISCO Router of Umbrella Inc. Adam finds out that HTTP Configuration Arbitrary Administrative Access Vulnerability exists in the router. By applying different password cracking tools, Adam gains access to the router. He analyzes the router config file and notices the following lines: logging buffered errors logging history critical logging trap warnings logging 10.0.1.103
By analyzing the above lines, Adam concludes that this router is logging at log level 4 to the syslog server 10.0.1.103. He decides to change the log level from 4 to
0.
Which of the following is the most likely reason of changing the log level?

Answer options

• A. Changing the log level from 4 to 0 will result in the logging of only emergencies. This way the modification in the router is not sent to the syslog server.
• B. By changing the log level, Adam can easily perform a SQL injection attack.
• C. Changing the log level grants access to the router as an Administrator.
• D. Changing the log level from 4 to 0 will result in the termination of logging. This way the modification in the router is not sent to the syslog server.

Correct answer: A

Explanation

The correct answer is A because changing the log level from 4 to 0 means that only emergency messages will be logged, effectively silencing routine logs which would include changes made to the router. Options B and C are incorrect as they do not relate to logging behavior, and option D is misleading since it implies all logging stops rather than just limiting it to emergencies.