Certified Ethical Hacker (CEH v12) — Question 174
In your cybersecurity class, you are learning about common security risks associated with web servers. One topic that comes up is the risk posed by using default server settings. Why is using default settings on a web server considered a security risk, and what would be the best initial step to mitigate this risk?
Answer options
- A. Default settings allow unlimited login attempts; set up account lockout
- B. Default settings reveal server software type; change these settings
- C. Default settings cause server malfunctions; simplify the settings
- D. Default settings enable auto-updates; disable and manually patch
Correct answer: B
Explanation
Using default settings on a web server can expose the type of server software being used, making it easier for attackers to exploit known vulnerabilities. Changing these settings is crucial to enhance security. The other options address different concerns but do not tackle the primary risk associated with default configurations.