Difficulty: Hard

Average Score: 0%

Which of the following are the best device-hardening techniques for network security? (Select two).

Rationale

Disabling unused ports and changing default passwords are the best device-hardening techniques for network security.

These techniques minimize potential vulnerabilities by reducing the attack surface and ensuring that default credentials, which are often easily exploited, are altered.

A (Disabling unused ports) CORRECT

Disabling unused ports is a fundamental practice in network security as it limits the number of potential entry points for unauthorized access. Open ports can serve as gateways for attackers to exploit vulnerabilities, making it crucial to close any ports that are not in use.

B (Performing regular scanning of unauthorized devices) YOUR ANSWER

While scanning for unauthorized devices is important for network monitoring, it does not directly harden devices themselves. Instead, it is a reactive measure that identifies potential threats after they have connected to the network rather than preventing unauthorized access in the first place.

C (Monitoring system logs for irregularities) YOUR ANSWER

Monitoring system logs is a valuable practice for detecting suspicious activity, but it is more of a detection tool than a hardening technique. It allows administrators to respond to threats rather than proactively secure devices against potential attacks.

D (Enabling logical security such as SSO) YOUR ANSWER

Enabling single sign-on (SSO) improves user convenience and can enhance security by reducing password fatigue. However, it does not directly contribute to device hardening and is more focused on user authentication rather than securing devices themselves.

E (Changing default passwords) CORRECT

Changing default passwords is crucial because many devices come with factory-set passwords that are widely known and can be easily exploited. By updating these passwords, organizations can significantly reduce the risk of unauthorized access.

F (Ensuring least privilege concepts are in place) YOUR ANSWER

Implementing least privilege is essential for user access management, but it focuses on user permissions rather than directly hardening devices. While it helps mitigate risks associated with user actions, it does not address vulnerabilities inherent to the devices themselves.

Conclusion

To effectively harden network devices, disabling unused ports and changing default passwords are critical strategies that directly mitigate risks. While other methods like monitoring and user privilege adjustments are important for maintaining security, the two highlighted techniques specifically focus on reducing vulnerabilities and preventing unauthorized access, forming a robust defense against potential attacks.

Related Questions

View all