312-50V11 · Question #828
Larry, a security professional in an organization, has noticed some abnormalities In the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server
The correct answer is C. Limit the administrator or toot-level access to the minimum number of users. Web server hardening requires restricting privileged account access to only those users who absolutely need it, following the principle of least privilege.
Question
Larry, a security professional in an organization, has noticed some abnormalities In the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting a countermeasures to secure the accounts on the web server. Which of the following countermeasures must Larry implement to secure the user accounts on the web server?
Options
- AEnable unused default user accounts created during the installation of an OS
- BEnable all non-interactive accounts that should exist but do not require interactive login
- CLimit the administrator or toot-level access to the minimum number of users
- DRetain all unused modules and application extensions
How the community answered
(33 responses)- A3% (1)
- C94% (31)
- D3% (1)
Why each option
Web server hardening requires restricting privileged account access to only those users who absolutely need it, following the principle of least privilege.
Enabling unused default user accounts created during OS installation increases the attack surface and is the opposite of hardening - these accounts should be disabled or removed.
Non-interactive accounts that do not require interactive login should be disabled or locked, not enabled, to prevent them from being leveraged by attackers.
Limiting administrator or root-level access to the minimum number of users is a core principle of least privilege, directly reducing the attack surface on a web server. Fewer privileged accounts mean fewer vectors an attacker can exploit if credentials are compromised. This countermeasure is a foundational hardening step recommended by security frameworks like CIS Benchmarks.
Retaining unused modules and application extensions increases the attack surface; hardening requires removing or disabling all unnecessary components.
Concept tested: Web server account hardening and least privilege
Source: https://www.cisecurity.org/benchmark/apache_http_server
Topics
Community Discussion
No community discussion yet for this question.