Ahmed is responsible for incident response at a large financial institution. He finds that the company's Wi-Fi has been breached. The attacker used the same login credentials that are shipped with the wireless access point (WAP). The attacker was able to use those credentials to access the WAP administrative console and make changes. Which of the following best describes what caused this vulnerability to exist?

Using default settings is a form of weak configuration. Many vulnerability scanners and attack tools have default settings built-in to test with, and default settings are easily obtained for most devices with a quick search of the Internet. Configuring the accounts is not the issue; changing default passwords and settings is. Although training users is important, that’s not the issue in this scenario. Patching systems is important, but that won’t change default settings.