CompTIA Security Plus Mock Test Q632

A security manager must remain aware of the security posture of each system. Which of the following supports this requirement?

A. Training staff on security policies
B. Establishing baseline reporting
C. Installing anti-malware software
D. Disabling unnecessary accounts/services


Correct Answer: B
Section: Threats and Vulnerabilities

Explanation:
The IT baseline protection approach is a methodology for identifying and implementing computer security measures in an organization. Its aim is to achieve an adequate and appropriate level of security for IT systems. That level is known as a baseline.
A baseline report compares the current status of network systems in terms of security updates, performance or other metrics to a predefined set of standards (the baseline).

Incorrect Answers:
A: Training staff on security policies is always a good idea. However, this will not provide a mechanism for making the security manager aware of the security posture of each system.
C: Anti-malware is required to remove any existing malware and prevent malware from being installed in the future. However, anti-malware does not provide a mechanism for making the security manager aware of the security posture of each system.
D: Disabling unnecessary accounts/services is a good practice for reducing the attack surface of a computer system. However, it does not provide a mechanism for making the security manager aware of the security posture of each system.

References:
http://en.wikipedia.org/wiki/IT_baseline_protection