PBX query

I'm taking my Security + exam next wednesday at Cambridge and I'm still wondering about this question as this one seems to have conflicting answers and I personally am not sure what Comptia would want me to answer.

The best of protection against the abuse of remote maintenance of PBX system is to:

keep maintenance features turned off until needed or insist on strong authentication before allowing remote maintenance.

To me they both seem the right answer.

Any ideas anyone?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

/usr

There is one right answer.

Where did you find that question?

D-boy

I would say "insist on strong authentication before allowing remote maintenance. " as you would aways want it on, if you use this option you don't have to keep switching it on and off...

But then again if it's off then, wouldn't that be the best defence since there would be no way to attack it remotely...

I could be wrong i'm just guessing...

D-boy

/usr

I know the answer, I'm just careful when people post questions on message boards. I hate to seem like I'm implying that someone cheats, but the last thing I want to do is answer a test question.

If I remember the study material correctly, the most common answer would be "keep maintenance features turned off until needed". It can't be abused if it isn't on. Given the small amount of time that remote access is needed, it would be best to leave it off until you need it, since after dialing in they would have full access behind the firewall.

Ten9t6

/usr wrote:

I know the answer, I'm just careful when people post questions on message boards. I hate to seem like I'm implying that someone cheats, but the last thing I want to do is answer a test question.

If I remember the study material correctly, the most common answer would be "keep maintenance features turned off until needed". It can't be abused if it isn't on. Given the small amount of time that remote access is needed, it would be best to leave it off until you need it, since after dialing in they would have full access behind the firewall.

Thats correct...this test is all about turning off services and features that are not needed at the time. It just limits what can happen to you.

TURTLEGIRL

After studying relentlessly for 4 months with several books including, ms security +, wiley books, dummie books, syngress, and sybex. All on ebooks, I decided to look at test king to try out there demo exam and that's where the question came from. I have studied really hard for this one as that's the area I wish to be employed in. I want to go into the security area so I'm looking into getting MCSE. Not sure what my next options are. Have also looked at CEH book by ecouncil which is pretty good too.

ps: I'm also a girl so not sure what the I.T. industry is like. Do you think girls will have to prove themselves harder in this area?

http://spaces.msn.com/members/hturtlegirl73/

porengo

Good luck on your exam!

/usr

I don't think women have to prove themselves more in this field, I just think it's an area that tends to attract more men. If you know your stuff, you'll be fine.

All on ebooks, I decided to look at xxxxxxxxxxx to try out there demo exam and that's where the question came from.

By the way, does that "xxxxxxxxxxxx" signify a braindump site?

RussS

GBAGIRL2
Like many industries the IT field can be a little difficult for women to take the first step into. However that is usually not because of any real barriers, but just the impression that it is a male dominated field. There are many females in all areas of IT and as far as I can see the only area that is a little light is upper management and that is more about the 'old boy' network of top management rather than anything else.

BTW, as Ten9t6 - the test seems to be more about turning features off rather than how to configure.