CompTIA Security Plus Mock Test Q612

A security technician is attempting to improve the overall security posture of an internal mail server. Which of the following actions would BEST accomplish this goal?

A. Monitoring event logs daily
B. Disabling unnecessary services
C. Deploying a content filter on the network
D. Deploy an IDS on the network

Correct Answer: B
Section: Threats and Vulnerabilities

One of the most basic practices for reducing the attack surface of a specific host is to disable unnecessary services. Services running on a host, especially network services, provide an avenue through which the system can be attacked. If a service is not being used, disable it.

Incorrect Answers:
A: Monitoring event logs daily is good practice to view events that have happened. However, it does not improve the security posture of the system. The event logs record things that have happened. They don’t prevent things such as an attack from happening.
C: Content filtering is the process of inspecting the content of a web page as it is downloaded. The content can then be blocked if it doesn’t comply with the company’s web policy. Content-control software determines what content will be available or, perhaps more often, what content will be blocked. Content filtering will not improve the overall security posture of a server.
D: An IDS (Intrusion Detection System) is used to detect attempts to access computer systems on a network. An IDS is a good idea to improve the security posture of the network. However, this question is asking about improving the security posture of a specific computer (the email server). Therefore, disabling unnecessary services is a better answer.