nerdexam
EC-Council

312-50V11 · Question #828

Larry, a security professional in an organization, has noticed some abnormalities In the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server

The correct answer is C. Limit the administrator or toot-level access to the minimum number of users. Web server hardening requires restricting privileged account access to only those users who absolutely need it, following the principle of least privilege.

Hacking Web Servers

Question

Larry, a security professional in an organization, has noticed some abnormalities In the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting a countermeasures to secure the accounts on the web server. Which of the following countermeasures must Larry implement to secure the user accounts on the web server?

Options

  • AEnable unused default user accounts created during the installation of an OS
  • BEnable all non-interactive accounts that should exist but do not require interactive login
  • CLimit the administrator or toot-level access to the minimum number of users
  • DRetain all unused modules and application extensions

How the community answered

(33 responses)
  • A
    3% (1)
  • C
    94% (31)
  • D
    3% (1)

Why each option

Web server hardening requires restricting privileged account access to only those users who absolutely need it, following the principle of least privilege.

AEnable unused default user accounts created during the installation of an OS

Enabling unused default user accounts created during OS installation increases the attack surface and is the opposite of hardening - these accounts should be disabled or removed.

BEnable all non-interactive accounts that should exist but do not require interactive login

Non-interactive accounts that do not require interactive login should be disabled or locked, not enabled, to prevent them from being leveraged by attackers.

CLimit the administrator or toot-level access to the minimum number of usersCorrect

Limiting administrator or root-level access to the minimum number of users is a core principle of least privilege, directly reducing the attack surface on a web server. Fewer privileged accounts mean fewer vectors an attacker can exploit if credentials are compromised. This countermeasure is a foundational hardening step recommended by security frameworks like CIS Benchmarks.

DRetain all unused modules and application extensions

Retaining unused modules and application extensions increases the attack surface; hardening requires removing or disabling all unnecessary components.

Concept tested: Web server account hardening and least privilege

Source: https://www.cisecurity.org/benchmark/apache_http_server

Topics

#web server hardening#least privilege#user account management#access control

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice