Difficulty: Easy

Average Score: 100%

After completing an annual external penetration test, a company receives the following guidance:
Decommission two unused web servers currently exposed to the internet.
Close 18 open and unused ports found on their existing production web servers.
Remove company email addresses and contact info from public domain registration records.

Which of the following security practices best describes these recommendations?

Rationale

Attack surface reduction

The recommendations provided focus on minimizing potential entry points for cyber threats by decommissioning unused web servers, closing open ports, and removing sensitive information from public records. These actions are aimed at reducing the overall attack surface of the company's network and improving its security posture.

A (Attack surface reduction) CORRECT

This choice accurately describes the recommendations, as reducing the attack surface involves eliminating unnecessary systems and reducing exposure to threats. By removing unused servers and closing open ports, the company is strategically decreasing the number of potential vulnerabilities that could be exploited by attackers.

B (Vulnerability assessment) YOUR ANSWER

While a vulnerability assessment involves identifying and evaluating security weaknesses in a system, the recommendations provided focus more on taking action to mitigate risks rather than merely assessing them. The actions are preventative measures rather than evaluative processes, which differentiates them from a vulnerability assessment.

C (Tabletop exercise) YOUR ANSWER

A tabletop exercise is a simulation-based training method used to prepare for potential security incidents by discussing procedures and responses. The recommendations do not involve simulation or discussion of incident responses; they are concrete actions taken to enhance security, making this option irrelevant to the context.

D (Business impact analysis) YOUR ANSWER

A business impact analysis assesses the potential effects of disruptions to business operations. While it is crucial for understanding risks, the recommendations focus on immediate security actions rather than evaluating business impacts. Thus, this choice does not align with the described practices.

Conclusion

The security recommendations provided are best categorized under attack surface reduction, as they aim to eliminate unused resources and minimize exposure to vulnerabilities. By actively reducing the company's attack surface, these actions enhance the overall security framework and significantly lower the risk of potential cyber threats.

Which of the following security practices best describes these recommendations?

Attack surface reduction

Related Questions

Related Quizzes

How familiar were you with this question?

Report an Issue

Rate this Practice Test