nerdexam
CompTIA

CV0-003 · Question #786

A cloud administrator must ensure all servers are in compliance with the company's security policy. Which of the following should the administrator check FIRST?

The correct answer is C. Hardened baselines. Before checking individual settings or versions, a compliance audit must first reference the hardened baseline, which defines the full set of required security configurations for a system.

Security

Question

A cloud administrator must ensure all servers are in compliance with the company's security policy. Which of the following should the administrator check FIRST?

Options

  • AThe application version
  • BThe OS version
  • CHardened baselines
  • DPassword policies

How the community answered

(40 responses)
  • B
    5% (2)
  • C
    93% (37)
  • D
    3% (1)

Why each option

Before checking individual settings or versions, a compliance audit must first reference the hardened baseline, which defines the full set of required security configurations for a system.

AThe application version

Application version is just one component of a hardened baseline and checking it first without a baseline reference provides no context for whether that version meets the security policy.

BThe OS version

OS version alone does not determine compliance - a system can run the correct OS version while still failing dozens of other baseline security controls.

CHardened baselinesCorrect

Hardened baselines are documented security configuration standards (such as CIS Benchmarks or STIG profiles) that define the complete expected state of a compliant system. Checking hardened baselines first gives the administrator a comprehensive benchmark against which all other settings - OS version, application version, and password policies - can be measured. Without this reference point, individual checks have no standard to compare against.

DPassword policies

Password policies are only one subset of a security policy and checking them first would miss the broader set of controls defined in a hardened baseline.

Concept tested: Security hardened baseline compliance auditing

Source: https://learn.microsoft.com/en-us/azure/governance/policy/concepts/guest-configuration

Topics

#hardened baselines#compliance#security policy#server hardening

Community Discussion

No community discussion yet for this question.

Full CV0-003 Practice