CISSP All Domains Practice test 11

A5 Security Misconfiguration. Databases configured wrong. Not removing out of the box default access and settings. Keeping default usernames and passwords. OS, Webserver, DBMS, applications. etc. not patched and up to date. Unnecessary features are enabled or installed; this could be open ports, services, pages, accounts, privileges, etc.