ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CAS-004 All Questions

View all questions & answers for the CAS-004 exam
Go to Exam

Exam CAS-004 topic 1 question 456 discussion

Actual exam question from CompTIA's CAS-004
Question #: 456
Topic #: 1
[All CAS-004 Questions]

A company has identified a number of vulnerable, end-of-support systems with limited defensive capabilities. Which of the following would be the first step in reducing the attack surface in this environment?

  • A. Utilizing hardening recommendations
  • B. Deploying IPS/IDS throughout the environment
  • C. Installing and updating antivirus
  • D. Installing all available patches
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by devin19 at Aug. 19, 2024, 1:57 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
devin19
Highly Voted 4 months, 3 weeks ago
Selected Answer: A
Not many people make it this far. Rest your head here for a minute, traveler. Let me tell you my tale...
upvoted 8 times
...
Bright07
Most Recent 3 weeks, 5 days ago
Selected Answer: D
The first step in reducing the attack surface in an environment with vulnerable, end-of-support systems is: D. Installing all available patches. Installing patches is the most immediate and effective way to address known vulnerabilities in software and systems. Since the systems are end-of-support, they may not receive regular updates from the vendor, so it is critical to install any remaining available patches that address security flaws. This can help prevent exploitation of those known vulnerabilities and significantly reduce the attack surface by fixing weaknesses that attackers could exploit. NOT A. Utilizing hardening recommendations: While hardening recommendations (such as disabling unnecessary services, adjusting permissions, and enforcing security policies) are important to secure systems, patching vulnerabilities should be the first priority. Hardening alone won't fix existing vulnerabilities, especially those that are patched by the vendor.
upvoted 1 times
...
lj22HI
2 months, 2 weeks ago
The answer is D: patching should always come first in this scenario. Addressing known vulnerabilities through patches provides a critical layer of defense and sets the stage for effective hardening. Once systems are updated and vulnerabilities are mitigated, hardening can then be implemented to enhance the security posture further. This sequential approach maximizes protection against potential threats, especially in environments dealing with vulnerable and unsupported systems.
upvoted 2 times
grelaman
2 months, 1 week ago
If the system is EOS there are not patches available...
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago