CompTIA Security Plus Mock Test Q782

An IT security technician needs to establish host-based security for company workstations. Which of the following will BEST meet this requirement?

A. Implement IIS hardening by restricting service accounts.
B. Implement database hardening by applying vendor guidelines.
C. Implement perimeter firewall rules to restrict access.
D. Implement OS hardening by applying GPOs.

Correct Answer: D
Section: Application, Data and Host Security

Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services. This can be implemented using the native security features of an operating system, such as Group Policy Objects (GPOs).

Incorrect Answers:
A: Internet Information Services (IIS) is a Windows service that allows a computer to function as a Web Server. This is usually installed on a server rather than a workstation.
B: Database hardening will improve security for a database; it does not improve security for workstations.
C: Perimeter firewall rules can be used to restrict network access to host machines, but this is a network-based, not a host-based, security mechanism.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 215, 227
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 202-206, 211