Cisco
350-201 · Question #137
350-201 Question #137: Real Exam Question with Answer & Explanation
The correct answer is A: reduces the attack surface. Hardening machine images before deployment primarily reduces the attack surface by eliminating unnecessary services, open ports, and default configurations that attackers could exploit.
Security Policies and Procedures
Question
What is the impact of hardening machine images for deployment?
Options
- Areduces the attack surface
- Bincreases the speed of patch deployment
- Creduces the steps needed to mitigate threats
- Dincreases the availability of threat alerts
Explanation
Hardening machine images before deployment primarily reduces the attack surface by eliminating unnecessary services, open ports, and default configurations that attackers could exploit.
Common mistakes.
- B. Hardening establishes a secure configuration baseline at image build time; it does not accelerate the deployment or distribution of patches after the system is running.
- C. Hardening reduces pre-existing exposure to threats proactively but does not reduce the number of response steps required once a threat is actively identified or exploited.
- D. Hardening is a preventative configuration practice and has no direct relationship to generating, routing, or surfacing threat alerts from monitoring or detection systems.
Concept tested. Machine image hardening and attack surface reduction
Reference. https://csrc.nist.gov/publications/detail/sp/800-123/final
Topics
#image hardening#attack surface reduction#deployment security
Community Discussion
No community discussion yet for this question.