CompTIA Security Plus Mock Test Q802

The information security technician wants to ensure security controls are deployed and functioning as intended to be able to maintain an appropriate security posture. Which of the following security techniques is MOST appropriate to do this?

A. Log audits
B. System hardening
C. Use IPS/IDS
D. Continuous security monitoring

Correct Answer: D
Section: Application, Data and Host Security

Explanation:
A security baseline is the security setting of a system that is known to be secure. This is the initial security setting of a system. Once the baseline has been applied, it must be maintained or improved. Maintaining the security baseline requires continuous monitoring.

Incorrect Answers:
A: Auditing logs is good practice. However, it is only one aspect of maintaining security posture. This question asks for the MOST appropriate answer. Continuous security monitoring covers all aspects of maintaining security posture, so it is a more appropriate answer.
B: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services.
C: An IPS/IDS (intrusion prevention system/intrusion detection system) is used to detect and prevent malicious activity on a network or a host. However, there is more to maintaining security posture than this one aspect, and it should be a part of continuous security monitoring.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 12, 61, 130
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 208, 215-217, 222