CISSP Question #922: Real Exam Question with Answer & Explanation

The correct answer is A: Configuration. Configuration management involves hardening systems by limiting services, changing default credentials, and managing security settings like antivirus update sources.

Submitted by lukas.cz · Mar 5, 2026 · Security Operations

Question

Which of the following management processes allows ONLY those services required for users to accomplish their tasks, changes default user passwords, and sets servers to retrieve antivirus updates?

Options

  • A. Configuration
  • B. Identity
  • C. Compliance
  • D. Patch

Explanation

Configuration management involves hardening systems by limiting services, changing default credentials, and managing security settings like antivirus update sources.

Common mistakes.

  • B. Identity management focuses on managing user identities, authentication, and authorization (e.g., provisioning accounts and roles), not on controlling system services or antivirus update settings.
  • C. Compliance management involves auditing and verifying that systems adhere to regulatory standards and policies, rather than actively configuring or hardening the systems themselves.
  • D. Patch management specifically addresses the process of identifying, testing, and applying software updates and security patches to fix vulnerabilities, not the broader hardening tasks like disabling services or changing default passwords.

Concept tested. Configuration management and system hardening principles

Reference. https://csrc.nist.gov/publications/detail/sp/800-128/final

Topics

#configuration management · #hardening · #least privilege
