CERTIFIED-IN-CYBERSECURITY Question #336: Real Exam Question with Answer & Explanation
The correct answer is C: Regularly performing backups.
Question
Which of the following is NOT a common system hardening practice?
Options
- A. Regularly updating antivirus software
- B. Disabling unnecessary services and protocols
- C. Regularly performing backups
- D. Implementing strong-password policies
Explanation
While performing regular backups is a critical part of the overall cybersecurity strategy, it is not a practice directly related to system hardening. System hardening refers to securing a system by reducing its attack surface, typically achieved by turning off unnecessary services and protocols, using secure configurations, and implementing strong password policies. For example, imagine a junior cybersecurity engineer tasked with hardening a newly installed server in an organization. They would start by turning off unnecessary services and protocols, such as disabling remote desktop access when not required, implementing strong password policies for all users, and ensuring that all software, including antivirus, is kept up to date. However, their responsibilities would not typically include taking or requiring regular backups; this task usually falls under disaster recovery and business continuity planning. While regular backups help ensure system and data recovery in the event of a cyber attack, they don't reduce the system's vulnerability to such attacks. Meanwhile, the other options are valid system hardening measures (see ISC2 Study Guide, Chapter 5, under Module 2).