nerdexam
EC-Council

312-50V10 · Question #828

Larry, a security professional in an organization, has noticed some abnormalities In the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server

The correct answer is C. Limit the administrator or toot-level access to the minimum number of users. Limiting administrator or root-level access to the minimum number of users is correct. This follows the Principle of Least Privilege - a foundational security hardening practice that reduces the attack surface by ensuring only those who absolutely need elevated privileges have th

Hacking Web Servers

Question

Larry, a security professional in an organization, has noticed some abnormalities In the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting a countermeasures to secure the accounts on the web server. Which of the following countermeasures must Larry implement to secure the user accounts on the web server?

Options

  • AEnable unused default user accounts created during the installation of an OS
  • BEnable all non-interactive accounts that should exist but do not require interactive login
  • CLimit the administrator or toot-level access to the minimum number of users
  • DRetain all unused modules and application extensions

How the community answered

(61 responses)
  • A
    2% (1)
  • B
    3% (2)
  • C
    93% (57)
  • D
    2% (1)

Explanation

Limiting administrator or root-level access to the minimum number of users is correct. This follows the Principle of Least Privilege - a foundational security hardening practice that reduces the attack surface by ensuring only those who absolutely need elevated privileges have them. The other options all describe insecure practices: Option A says to enable unused default accounts, which should actually be disabled (default accounts are common attack targets). Option B says to enable all non-interactive accounts, but non-interactive accounts that exist without a business need should be disabled, not broadly enabled. Option D says to retain unused modules and extensions, which increases the attack surface and should instead be removed.

Topics

#web server hardening#user account security#least privilege#access control

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice