nerdexam
CompTIA

CV0-003 · Question #16

A cloud service provider wants to offer hardened virtual server images for provisioning purposes. This will enable users to use only the operating system services that are allowed by the provider. Whi

The correct answer is A. Disable automatic updates. C. Disable unneeded ports and services.. Hardening virtual server images involves disabling automatic updates and unneeded ports or services to minimize the attack surface and maintain a controlled, provider-approved baseline.

Security

Question

A cloud service provider wants to offer hardened virtual server images for provisioning purposes. This will enable users to use only the operating system services that are allowed by the provider. Which of the following tasks are MOST appropriate for the hardening process? (Select TWO).

Options

  • ADisable automatic updates.
  • BDisable the command prompt.
  • CDisable unneeded ports and services.
  • DDisable the local administrator account.
  • EDisable the remote desktop connection.
  • FDisable complex passwords.

How the community answered

(35 responses)
  • A
    86% (30)
  • B
    3% (1)
  • D
    3% (1)
  • F
    9% (3)

Why each option

Hardening virtual server images involves disabling automatic updates and unneeded ports or services to minimize the attack surface and maintain a controlled, provider-approved baseline.

ADisable automatic updates.Correct

Disabling automatic updates on a provider-hardened image ensures that only vetted, approved patches are applied, preventing untested or unauthorized changes from altering the hardened security baseline that the provider controls.

BDisable the command prompt.

Disabling the command prompt would prevent legitimate administrative access and is not a recognized server hardening practice.

CDisable unneeded ports and services.Correct

Disabling unneeded ports and services reduces the attack surface by eliminating unnecessary entry points and running processes, which is a fundamental principle of server hardening.

DDisable the local administrator account.

Disabling the local administrator account removes a necessary management capability and is not a standard hardening step for provider-managed images.

EDisable the remote desktop connection.

Disabling remote desktop connection eliminates a common remote management channel without a proportional security benefit in a controlled provider environment.

FDisable complex passwords.

Disabling complex passwords weakens authentication security, which is the opposite of hardening and directly introduces credential risk.

Concept tested: Virtual server image hardening practices

Topics

#server hardening#security baseline#ports and services#VM image hardening

Community Discussion

No community discussion yet for this question.

Full CV0-003 Practice