
CS0-003 · Question #325

CS0-003 Question #325: Real Exam Question with Answer & Explanation

The correct answer is A: Remove the version information on http-server-header.

Submitted by saadiq_pk · Mar 6, 2026 · Vulnerability Management

Question

A security analyst reviews the following extract of a vulnerability scan that was performed against the web server: Which of the following recommendations should the security analyst provide to harden the web server?

Options

  • A. Remove the version information on http-server-header.
  • B. Disable tcp_wrappers.
  • C. Delete the /wp-login.php folder.
  • D. Close port 22.

Explanation

Exposing version information in the http-server-header (e.g., "Apache/2.4.1") gives attackers a roadmap to find known CVEs and exploits specific to that version, so removing version banners is a fundamental hardening practice that reduces the attack surface without disrupting functionality.

Option B is incorrect because tcp_wrappers is a legitimate host-based access control mechanism that should remain enabled, not disabled, as it adds a layer of protection.

Option C is wrong because /wp-login.php is a file, not a folder, and simply deleting it could break WordPress authentication; the better approach would be to restrict access to it. More importantly, this is a distracting detail not directly supported by the scan extract described.

Option D is incorrect because port 22 (SSH) is typically needed for secure remote server administration, and closing it would likely disrupt legitimate management access.

🧠 Memory Tip:

Think "Don't advertise what you're running" - version disclosure in server headers is like wearing a name tag that says "I'm vulnerable to CVE-XXXX." Hardening means staying quiet about your software stack. On exams, look for the option that reduces information leakage without breaking functionality.

Topics

#Web Server Hardening #Vulnerability Management #Information Disclosure #Security Configuration
