A security team must harden a newly installed Windows Server 2022 instance to satisfy the CIS Level 1 benchmark before it is connected to the production network. Which combination of tasks addresses three core benchmark requirements for host configuration hardening?
Schedule nightly full backups and enable Windows auditing.
Configure Windows Defender Firewall rules and deploy a network intrusion detection sensor.
Enforce complex password policy settings, uninstall or disable unused services, and apply all available security updates.
Segment the server on a dedicated VLAN and require TLS for every TCP connection.
CIS server benchmarks begin with three fundamental host-level controls: 1) keep the operating system fully patched, 2) remove or disable services that are not required, and 3) enforce strong password policy settings. These appear in the Software Updates, Initial Setup → Services, and Access → Authentication sections of virtually every CIS server benchmark. The other options all contain valuable security measures, but they address operational resilience (backups), network architecture (segmentation), or additional security tooling (IDS) rather than the baseline host-configuration requirements specified by the Level 1 benchmark.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are the Center for Internet Security (CIS) benchmarks?
Open an interactive chat with Bash
Why is removing unnecessary services important for server hardening?
Open an interactive chat with Bash
How do secure password policies contribute to server hardening?