A company has identified a number of vulnerable, end-of-support systems with limited defensive capabilities. Which of the following would be the first step in reducing the attack surface in this environment?
In the context of end-of-support systems, while hardening is vital for reducing the attack surface, patching is the first step when possible. This would involve applying any available patches or updates, even if from legacy updates, before turning to hardening recommendations. Once patches are applied, hardening can help further secure the system.
Therefore, the best answer remains D (Installing all available patches), but hardening (A) would come as the next step if patches are not possible due to end-of-support limitations.
o Hardening a system involves making it more secure by removing unnecessary software, disabling unused services, applying security patches, and configuring settings to enhance protection. This is a crucial initial step because it addresses fundamental vulnerabilities and strengthens the system's overall security posture. Before implementing additional security measures like IPS/IDS or antivirus, it's essential to harden vulnerable systems to minimize their exposure to attacks.
o D. Installing all available patches: Installing all available patches is a good practice for maintaining system security. However, it's a reactive measure that addresses existing vulnerabilities. Hardening, on the other hand, takes a proactive approach by addressing potential vulnerabilities and improving the system's overall security posture.
The first step in reducing the attack surface in an environment with vulnerable, end-of-support systems is:
D. Installing all available patches. Installing patches is the most immediate and effective way to address known vulnerabilities in software and systems. Since the systems are end-of-support, they may not receive regular updates from the vendor, so it is critical to install any remaining available patches that address security flaws. This can help prevent exploitation of those known vulnerabilities and significantly reduce the attack surface by fixing weaknesses that attackers could exploit. NOT A. Utilizing hardening recommendations: While hardening recommendations (such as disabling unnecessary services, adjusting permissions, and enforcing security policies) are important to secure systems, patching vulnerabilities should be the first priority. Hardening alone won't fix existing vulnerabilities, especially those that are patched by the vendor.
The answer is D: patching should always come first in this scenario.
Addressing known vulnerabilities through patches provides a critical layer of defense and sets the stage for effective hardening.
Once systems are updated and vulnerabilities are mitigated, hardening can then be implemented to enhance the security posture further.
This sequential approach maximizes protection against potential threats, especially in environments dealing with vulnerable and unsupported systems.
If the system is EOS there are not patches available...
upvoted 2 times
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
devin19
Highly Voted 7 months, 2 weeks agoCSue
Most Recent 1 week, 6 days agoSteel16
3 weeks, 5 days agoBright07
3 months, 2 weeks agolj22HI
5 months, 1 week agogrelaman
5 months ago