Certified Ethical Hacker (CEH v13) — Question 146
In your cybersecurity class, you are learning about common security risks associated with web servers. One topic that comes up is the risk posed by using default server settings. Why is using default settings on a web server considered a security risk, and what would be the best initial step to mitigate this risk?
Answer options
- A. Default settings allow unlimited login attempts; set up account lockout
- B. Default settings reveal server software type; change these settings
- C. Default settings cause server malfunctions; simplify the settings
- D. Default settings enable auto-updates; disable and manually patch
Correct answer: B
Explanation
Using default settings on a web server can expose the type of server software in use, making it easier for attackers to exploit known vulnerabilities. Changing these settings is a crucial initial step to enhance security. The other options address different issues that may not directly relate to the immediate risk posed by default configurations.