Refer to the exhibit. Which risk is MOST directly identified?
Allowing RDP from a broad range increases unauthorized access risk.
Why this answer
The exhibit (not shown) likely depicts a network diagram or access control list (ACL) configuration that allows inbound traffic from the internet to a critical server on a management port that should be restricted (e.g., RDP on TCP 3389 or SSH on TCP 22). This directly identifies the risk of unauthorized remote access, as an attacker could exploit this exposed management interface to gain control of the server. The other options are not directly indicated by such a configuration.
Exam trap
The trap here is that candidates may misread a network diagram or ACL as indicating a denial of service vulnerability (Option A) because they focus on the inbound traffic volume or source. The specific risk is the exposure of a management interface to unauthorized remote access.
How to eliminate wrong answers
Option A is wrong because a denial of service vulnerability typically involves resource exhaustion or protocol-level attacks (e.g., SYN flood, ICMP flood), which are not directly identified by an ACL permitting remote access to a server.
Option B is wrong because malware propagation across subnets would require evidence of lateral movement paths, such as unrestricted inter-subnet firewall rules or open file-sharing ports, not a single inbound rule to a critical server.
Option C is wrong because a weak password policy is a governance or configuration issue unrelated to network access controls; it would be identified through password audits or policy reviews, not by examining ACLs or network diagrams.