A network administrator is tasked with hardening the company's network devices. Which of the following actions BEST aligns with the principle of reducing the attack surface by managing device configurations?
Disable all unused ports on network switches and routers
Disabling all unused ports on switches and routers (and similarly disabling unnecessary services) removes unneeded entry points, directly shrinking the device's attack surface. Encrypting management traffic and implementing port mirroring improve confidentiality and monitoring, but they do not eliminate potential targets. Enabling additional remote-management services actually expands the attack surface by exposing more services to possible exploitation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is disabling unused ports considered a best practice for hardening network devices?
Open an interactive chat with Bash
What are some common tools or methods to detect unused ports on network devices?
Open an interactive chat with Bash
How does leaving unnecessary services enabled increase the attack surface?