312-50V9 · Question #139
To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settings?
The correct answer is C. Hardening. System hardening is the process of reducing a system's attack surface by removing unnecessary software and services and correcting insecure default configurations.
Question
To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settings?
Options
- AHarvesting
- BWindowing
- CHardening
- DStealthing
How the community answered
(30 responses)- A7% (2)
- B3% (1)
- C87% (26)
- D3% (1)
Why each option
System hardening is the process of reducing a system's attack surface by removing unnecessary software and services and correcting insecure default configurations.
Harvesting refers to collecting data or credentials from a target system and is not a defensive configuration process.
Windowing is not a recognized security configuration process - it typically refers to time-based filtering in networking or data processing contexts.
Hardening refers to the systematic process of securing a system by disabling or removing unnecessary services and software, applying security patches, and correcting insecure default configurations. This directly reduces the attack surface by eliminating potential entry points an attacker could exploit. It is a foundational security practice codified in frameworks such as CIS Benchmarks and NIST SP 800-123.
Stealthing refers to concealing a system or its open ports from network scanning, not to removing unnecessary services or correcting insecure settings.
Concept tested: System hardening to reduce attack surface
Source: https://csrc.nist.gov/publications/detail/sp/800-123/final
Topics
Community Discussion
No community discussion yet for this question.