GSEC Question #123: Real Exam Question with Answer & Explanation

The correct answer is D. Uninstall it.

Question

What is the most secure way to address an unused Windows service so it cannot be exploited by malware?

Options

  • A. Firewall it
  • B. Set to manual startup
  • C. Disable it
  • D. Uninstall it

Explanation

Uninstalling an unused Windows service completely removes it from the system, eliminating all attack surface rather than simply restricting or deferring service execution.

Common mistakes.

  • A. Firewalling a service restricts network-level access but does not prevent local exploitation or direct interaction with the service process from within the host.
  • B. Setting a service to manual startup still allows any sufficiently privileged process or user to start the service on demand, leaving the full attack surface available.
  • C. Disabling a service prevents automatic startup, but the service binary and configuration remain on the system, allowing a privileged attacker or malware to re-enable and subsequently exploit it.

Concept tested. Windows service attack surface reduction and hardening

Reference. https://learn.microsoft.com/en-us/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server
