CompTIA Security Plus Mock Test Q470

A recent audit has revealed weaknesses in the process of deploying new servers and network devices. Which of the following practices could be used to increase the security posture during deployment? (Select TWO).

A. Deploy a honeypot
B. Disable unnecessary services
C. Change default passwords
D. Implement an application firewall
E. Penetration testing

Correct Answer: B,C
Section: Compliance and Operational Security

Explanation:
Increasing security posture is akin to getting the appropriate type of risk mitigation for your company. A plan and its implementation is a major part of security posture. When new servers and network devices are being deployed your most vulnerable points will be coming from all unnecessary services that may be running from servers and network default passwords. Thus your plan should be to disable those services that are not needed and change the default password during the deployment of the new servers and network devices.

Incorrect Answers:
A: Honeypots are to fool and lure attackers, not quite the proper tool to use when deploying new servers and network devices and asked to increase security posture.
D: An application firewall will not be effective when deploying a new server and network devices because they still need to have the firewall configured.
E: Penetration testing in most cases are done to test for threats and vulnerabilities. A penetration test will not be an appropriate tool to deploy new servers and network devices.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 207