Juan is responsible for incident response at a large financial institution. He discovers that the company Wi- Fi has been breached. The attacker used the same login credentials that ship with the wireless access point (WAP). The attacker was able to use those credentials to access the WAP administrative console and make changes. Which of the following best describes the lack of standards or procedures that caused this vulnerability to exist?

Using default settings is a form of weak configuration and indicates that the organization is not using baselines effectively and may not have appropriate processes and standards in place. Many vulnerability scanners and attack tools have default settings built-in to test with, and default settings are easily obtained for most devices with a quick search of the Internet. Configuring the accounts is not the issue; using default credentials and settings is. Although training users is important, that’s not the issue in this scenario. Patching systems is important, but that won’t change default settings.