The attacker discovers a server running critical applications with misconfigured role-based access controls (RBAC) and outdated software. Exploiting these vulnerabilities, the attacker gains system-level access, escalating their privileges beyond administrative levels, potentially compromising the entire digital infrastructure. Which advanced security oversight facilitated this level of privilege escalation?Failure to implement principle of least privilege in RBAC settingsNeglect in segmenting critical assets from the main networkLack of timely application of security patches to critical infrastructureInsufficient logging and monitoring of abnormal activities on critical servers
Question
The attacker discovers a server running critical applications with misconfigured role-based access controls (RBAC) and outdated software. Exploiting these vulnerabilities, the attacker gains system-level access, escalating their privileges beyond administrative levels, potentially compromising the entire digital infrastructure. Which advanced security oversight facilitated this level of privilege escalation?Failure to implement principle of least privilege in RBAC settingsNeglect in segmenting critical assets from the main networkLack of timely application of security patches to critical infrastructureInsufficient logging and monitoring of abnormal activities on critical servers
Solution
The advanced security oversight that facilitated this level of privilege escalation is the "Failure to implement principle of least privilege in RBAC settings" and "Lack of timely application of security patches to critical infrastructure".
The principle of least privilege (PoLP) is a computer security concept in which a user is given the minimum levels of access necessary to complete his/her job functions. In the scenario described, the misconfigured RBAC allowed the attacker to gain system-level access, which is a clear violation of PoLP.
Additionally, the outdated software on the server indicates that security patches were not applied in a timely manner. These patches often fix known vulnerabilities that could be exploited by attackers. In this case, the lack of timely patching allowed the attacker to exploit these vulnerabilities and gain unauthorized access.
While neglect in segmenting critical assets from the main network and insufficient logging and monitoring of abnormal activities on critical servers are also security oversights, they did not directly facilitate the privilege escalation in this scenario.
Similar Questions
What mechanism in RBAC prevents privilege accumulation and enforces the principle of least privilege?Dynamic role assignmentsMandatory access reviewsRole hierarchiesSession management controls
What role is used for elevated security privileges?(1 Point)security_adminadminsn_securityadmin_security
Which threat is recognized as attempting to obtain privileged access to resources for unauthorized access to information or compromising a system?Question 3Select one:a.Denial of serviceb.Temperingc.Elevation of privilege
Permits the specification and enforcement of enterprise-specific security policies in a way that maps more naturally to an organization's structure and business activities.System Access controlRole-based access controlDiscretionary access controlMandatory access control;
Question13Max. score: 2.00After establishing persistent access, the attacker aims to disrupt the organization's operational integrity by targeting the internal command and control (C&C) mechanisms. This includes manipulating scheduled tasks, altering automated workflows, and corrupting the integrity of administrative tools to sow chaos and further hide their tracks. How can organizations detect unauthorized alterations in their command and control mechanisms?By deploying artificial intelligence (AI) based anomaly detection systemsConducting daily manual audits of all system and network configurationsRelying on external audits for periodic security assessmentsUtilizing a decentralized model for all administrative controls
Upgrade your grade with Knowee
Get personalized homework help. Review tough concepts in more detail, or go deeper into your topic by exploring other relevant questions.