CompTIA Security Plus Mock Test Q848

A Human Resources user is issued a virtual desktop typically assigned to Accounting employees. A system administrator wants to disable certain services and remove the local accounting groups installed by default on this virtual machine. The system administrator is adhering to which of the following security best practices?

A. Black listing applications
B. Operating System hardening
C. Mandatory Access Control
D. Patch Management

Correct Answer: B
Section: Application, Data and Host Security

Operating System hardening is the process of securing the operating system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing
unnecessary functions and features, removing unnecessary usernames or logins and disabling unnecessary services.

Incorrect Answers:
A: Blacklising applications is a security stance that allows all applications to run on a system except those exceptions that are explicitly denied. It is the opposite of whitelisting, in which
all applications are denied except those that are explicitly allowed to run.
C: Mandatory Access Control (MAC) is a form of access control that specifies that levels of access based on the sensitivity of the object being accessed. It uses sensitivity labels,
security domains, or classifications. It defines specific security domains or sensitivity levels and uses the associated labels from those security domains to impose access control on
objects and subjects.
D: Patch management is the process of maintaining the latest source code for applications and operating systems. This helps protect a systems from known attacks and
vulnerabilities, but not from unknown vulnerabilities

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 215-217, 220, 221, 236
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 231-232, 240, 278-279