An organization wants to standardize the initial security posture of its Linux, Windows, and container hosts before deploying them in production. According to guidance from the Center for Internet Security, which of the following approaches best establishes a secure baseline across all these systems?
Using recommended community-based configuration checks to ensure minimum secure settings for each platform
Waiting for vendor updates and applying them during quarterly maintenance cycles
Conducting internal audits on an annual schedule to track misconfigurations
Archiving system images on a local drive for quick rollback
Following recommended community-based checks ensures consistent, foundational settings across systems. This aligns with recognized standards that address a broad range of security needs, such as permissions, network configurations, and application settings. Other options focus on limited-scope measures, delayed responses, or sporadic reviews, which do not provide a continuous and comprehensive baseline.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are community-based configuration checks?
Open an interactive chat with Bash
Why are community-based checks preferred over internal audits?