Exam CISM topic 1 question 41 discussion

Enforcing standard system configurations based on secure configuration benchmarks ensures that servers are configured in a secure and consistent manner. This reduces the likelihood of vulnerabilities resulting from misconfigurations that could be exploited by attackers. Secure configuration benchmarks provide guidelines and best practices for configuring systems to minimize security risks. While implementing network and system-based anomaly monitoring software (option B), enforcing configurations for secure logging and audit trails (option C), and implementing host-based intrusion detection systems (IDS) (option D) are valuable security measures, enforcing secure configurations is a foundational control that addresses the root cause of many vulnerabilities.

A. Many systems, such as Windows OS, come out of box with many vulnerabilities so a secure benchmark is key. Benchmark may do things like require longer PW, disable unused services and accounts that could be exploited.

A. Enforcing standard system configurations based on secure configuration benchmarks

A because is the most complete

A is correct. The goal here is to see what can be done to mitigate vulnerabilities that may be in place. The only *proactive* option is A.

A. Enforcing standard system configurations based on secure configuration benchmarks is the BEST control to mitigate the associated risk. This is because standardizing configurations can help to ensure that systems are configured securely and consistently, making it harder for attackers to exploit vulnerabilities. Additionally, using secure configuration benchmarks can help to ensure that systems are configured in line with industry best practices.

I think C is the correct Answer. Mitigate is the key word here and through Logging you can actually determine the Mitigation path.

Keyword: mitigate

IDS will detect the use of vulnerabilities.