exam questions

Exam CAS-004 All Questions

View all questions & answers for the CAS-004 exam

Exam CAS-004 topic 1 question 456 discussion

Actual exam question from CompTIA's CAS-004
Question #: 456
Topic #: 1
[All CAS-004 Questions]

A company has identified a number of vulnerable, end-of-support systems with limited defensive capabilities. Which of the following would be the first step in reducing the attack surface in this environment?

  • A. Utilizing hardening recommendations
  • B. Deploying IPS/IDS throughout the environment
  • C. Installing and updating antivirus
  • D. Installing all available patches
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
devin19
Highly Voted 7 months, 2 weeks ago
Selected Answer: A
Not many people make it this far. Rest your head here for a minute, traveler. Let me tell you my tale...
upvoted 10 times
...
CSue
Most Recent 1 week, 4 days ago
Selected Answer: D
In the context of end-of-support systems, while hardening is vital for reducing the attack surface, patching is the first step when possible. This would involve applying any available patches or updates, even if from legacy updates, before turning to hardening recommendations. Once patches are applied, hardening can help further secure the system. Therefore, the best answer remains D (Installing all available patches), but hardening (A) would come as the next step if patches are not possible due to end-of-support limitations.
upvoted 1 times
...
Steel16
3 weeks, 3 days ago
Selected Answer: A
o Hardening a system involves making it more secure by removing unnecessary software, disabling unused services, applying security patches, and configuring settings to enhance protection. This is a crucial initial step because it addresses fundamental vulnerabilities and strengthens the system's overall security posture. Before implementing additional security measures like IPS/IDS or antivirus, it's essential to harden vulnerable systems to minimize their exposure to attacks. o D. Installing all available patches: Installing all available patches is a good practice for maintaining system security. However, it's a reactive measure that addresses existing vulnerabilities. Hardening, on the other hand, takes a proactive approach by addressing potential vulnerabilities and improving the system's overall security posture.
upvoted 1 times
...
Bright07
3 months, 2 weeks ago
Selected Answer: D
The first step in reducing the attack surface in an environment with vulnerable, end-of-support systems is: D. Installing all available patches. Installing patches is the most immediate and effective way to address known vulnerabilities in software and systems. Since the systems are end-of-support, they may not receive regular updates from the vendor, so it is critical to install any remaining available patches that address security flaws. This can help prevent exploitation of those known vulnerabilities and significantly reduce the attack surface by fixing weaknesses that attackers could exploit. NOT A. Utilizing hardening recommendations: While hardening recommendations (such as disabling unnecessary services, adjusting permissions, and enforcing security policies) are important to secure systems, patching vulnerabilities should be the first priority. Hardening alone won't fix existing vulnerabilities, especially those that are patched by the vendor.
upvoted 1 times
...
lj22HI
5 months, 1 week ago
The answer is D: patching should always come first in this scenario. Addressing known vulnerabilities through patches provides a critical layer of defense and sets the stage for effective hardening. Once systems are updated and vulnerabilities are mitigated, hardening can then be implemented to enhance the security posture further. This sequential approach maximizes protection against potential threats, especially in environments dealing with vulnerable and unsupported systems.
upvoted 2 times
grelaman
5 months ago
If the system is EOS there are not patches available...
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago