Before installing a system on the network, which security practice should be performed regarding vendor defaults?

• A. Change all vendor-supplied defaults and remove or disable unnecessary default accounts.
• B. Keep vendor defaults to ensure compatibility.
• C. Delay changes until a breach occurs.
• D. Change only administrator passwords.

Answer: (A)

Hardening a system before deployment means changing vendor defaults and disabling/removing unnecessary default accounts. These defaults are widely published, so attackers know them and can gain quick access if they’re left in place. Replacing them with unique credentials and reducing the number of active accounts limits what an intruder can do and aligns with PCI DSS requirements for secure configurations and removing default accounts. Leaving defaults in place, or only changing administrator passwords, still leaves other default accounts and settings exposed. Waiting for a breach is not acceptable; proactive hardening is essential.