Unsecured Baselines and Unauthorized Changes

C.

Security misconfigurations occur when applications and systems are not properly configured or maintained in a secure manner.

This can be caused from a shortcoming in security baselines or configurations, unauthorized changes to system configurations, or a failure to patch and upgrade systems as the vendor releases security patches.

The correct answer to this question is C. Security misconfiguration.

Security misconfiguration is a type of threat that occurs when system components, such as servers, applications, or databases, are not configured properly, leaving vulnerabilities that attackers can exploit. This can happen when security baselines are not applied correctly, or when unauthorized changes are made to system configurations.

Security baselines are a set of guidelines and standards that define the minimum security requirements for a system. These guidelines cover a wide range of areas, including operating system settings, network configurations, user account management, and application security. By adhering to security baselines, organizations can reduce the risk of security breaches and ensure that their systems are protected against known threats.

However, if security baselines are not applied correctly, or if unauthorized changes are made to system configurations, vulnerabilities can be introduced into the system. For example, a misconfigured firewall rule could allow attackers to bypass security controls and gain access to sensitive data. Similarly, a misconfigured web server could expose sensitive information or allow attackers to execute arbitrary code on the system.

In conclusion, security misconfiguration is a type of threat that can occur when security baselines are not appropriately applied or unauthorized changes are made. This highlights the importance of adhering to established security guidelines and ensuring that system configurations are properly managed and monitored to reduce the risk of security breaches.