A systems administrator is hardening a newly installed Windows server that is dedicated to hosting a company's public website using Internet Information Services (IIS). The security policy requires disabling any services that are not strictly necessary for the server's designated role to minimize the attack surface. Which of the following services is the BEST candidate for disabling on this server?
The correct answer is the Print Spooler service. A primary principle of server hardening is to reduce the attack surface by disabling any unnecessary services. On a dedicated web server, printing functions are not required. The Print Spooler service has been the subject of significant vulnerabilities, such as PrintNightmare, and cybersecurity agencies recommend disabling it on servers that do not need to print.
The DNS Client service is incorrect because it is essential for resolving domain names to IP addresses, which the server needs for tasks like contacting update servers or external APIs. The World Wide Web Publishing Service is the core IIS service responsible for serving web pages; disabling it would stop the server from performing its primary function. The Secure Shell (SSHD) service is typically required for secure remote administration and management of the server; while it should be secured, it is not usually disabled.