nerdexam
CompTIA

XK0-004 · Question #470

A security audit concludes that an organization's database servers need to be hardened. As a result, an administrator obtans tie fofcjwwng partial Nmap output from a database server. Which of the foll

The correct answer is D. Option D. Hardening a database server after an Nmap scan involves disabling or stopping unnecessary services that expose unneeded open ports.

Security

Question

A security audit concludes that an organization's database servers need to be hardened. As a result, an administrator obtans tie fofcjwwng partial Nmap output from a database server. Which of the following commands should the administrator execute to mitigate security risks?

Exhibit

XK0-004 question #470 exhibit

Options

  • AOption A
  • BOption B
  • COption C
  • DOption D

How the community answered

(39 responses)
  • A
    8% (3)
  • B
    33% (13)
  • C
    15% (6)
  • D
    44% (17)

Why each option

Hardening a database server after an Nmap scan involves disabling or stopping unnecessary services that expose unneeded open ports.

AOption A

Option A likely installs or enables an additional service, which increases rather than reduces the attack surface identified in the Nmap output.

BOption B

Option B likely only stops a service temporarily without disabling it, meaning it would reactivate on reboot and leave the vulnerability unmitigated long-term.

COption C

Option C likely modifies a file permission or ownership setting that does not address the open network port identified as the security risk by Nmap.

DOption DCorrect

Option D (not visible as text in this rendering) most likely uses 'systemctl stop' and 'systemctl disable' to shut down and prevent restart of a non-database service revealed as open by the Nmap output. Disabling unnecessary listening services reduces the server's attack surface in line with the principle of least exposure.

Concept tested: Disabling unnecessary services to harden a Linux server

Source: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/securing-services-with-firewalls_security-hardening

Topics

#Nmap#server hardening#open ports#security audit

Community Discussion

No community discussion yet for this question.

Full XK0-004 Practice