
CRISC · Question #108

CRISC Question #108: Real Exam Question with Answer & Explanation

The correct answer is D: meeting the baseline for hardening.

Submitted by lars.no · Apr 18, 2026 · Information Technology and Security

Question

The BEST metric to demonstrate that servers are configured securely is the total number of servers:

Options

  • A. exceeding availability thresholds.
  • B. experiencing hardware failures.
  • C. exceeding current patching standards.
  • D. meeting the baseline for hardening.

Explanation

The best metric to demonstrate securely configured servers is the total number of servers meeting the baseline for hardening, as it directly measures adherence to security configurations. Hardening baselines ensure that systems are configured to minimize vulnerabilities and enhance their security posture.

Common mistakes.

  • A. Exceeding availability thresholds relates to system uptime and performance, not directly to security configuration.
  • B. Experiencing hardware failures relates to reliability and physical integrity, not specifically to the software configuration security of the server.
  • C. Exceeding current patching standards indicates a lack of up-to-date vulnerability remediation, which is a security concern, but "meeting the baseline for hardening" is a broader and more comprehensive measure of overall secure configuration.

Concept tested. Secure configuration metrics (hardening)

Reference. https://learn.microsoft.com/en-us/azure/security/fundamentals/hard-and-soft-security

Topics

#Server hardening #Security metrics #Secure configuration #Baseline security
