312-50V10 · Question #364
To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settings?
The correct answer is C. Hardening. System hardening is the security process of reducing attack surface by removing unneeded software and services and correcting insecure configurations. It is a foundational defense-in-depth practice.
Question
To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settings?
Options
- AHarvesting
- BWindowing
- CHardening
- DStealthing
How the community answered
(41 responses)- A5% (2)
- B2% (1)
- C93% (38)
Why each option
System hardening is the security process of reducing attack surface by removing unneeded software and services and correcting insecure configurations. It is a foundational defense-in-depth practice.
Harvesting is a term associated with data collection or credential gathering in offensive security contexts, not a defensive configuration process.
Windowing is not a recognized information security process for reducing attack surface.
Hardening is the well-defined security discipline of eliminating unnecessary features, services, accounts, and insecure default settings from a system to minimize its attack surface. It includes steps such as disabling unused ports, removing default credentials, uninstalling unneeded applications, and applying secure baseline configurations. This directly matches the described activity of reducing exposure through removal and reconfiguration.
Stealthing refers to making a system or activity less detectable, not to the removal of unnecessary software and services.
Concept tested: System hardening and attack surface reduction
Source: https://csrc.nist.gov/publications/detail/sp/800-123/final
Topics
Community Discussion
No community discussion yet for this question.