A security architect is tasked with integrating a new commercial-off-the-shelf (COTS) data analytics platform into the company's enterprise network. The platform will handle sensitive customer information. The primary goal is to ensure the software is configured securely from the outset to minimize its attack surface before it goes into production. Which of the following actions should the architect prioritize to BEST achieve this goal?
Removing all documentation and sample files from production installations
Deploying the software in a sandboxed environment with behavior monitoring
Following security hardening guidelines from trusted sources
Implementing application-level encryption for all data processed by the software
The correct answer is following security hardening guidelines from trusted sources. Hardening guidelines from sources like the software vendor, security organizations, or industry standards provide specific, comprehensive recommendations for securely configuring the software. These guidelines typically include disabling unnecessary features, setting secure defaults, and implementing appropriate security controls.
Implementing application-level encryption for all data processed by the software is a specific security control that may be appropriate but is not a comprehensive approach to secure configuration. While encryption is important for protecting sensitive data, it addresses only one aspect of security and might not be implemented correctly without proper guidance.
Deploying the software in a sandboxed environment with behavior monitoring is a defense-in-depth measure that can provide additional security but does not address the secure configuration of the software itself. This approach contains potential damage rather than preventing security issues through proper initial configuration.
Removing all documentation and sample files from production installations is a specific hardening step that helps reduce the attack surface, but it's just one of many configuration actions needed. This single action alone doesn't constitute a comprehensive approach to secure configuration and might miss critical security settings elsewhere in the system.
ISC2 CISSP
Software Development Security