A systems administrator is hardening a newly installed Windows server that is dedicated to hosting a company's public website using Internet Information Services (IIS). The security policy requires disabling any services that are not strictly necessary for the server's designated role to minimize the attack surface. Which of the following services is the BEST candidate for disabling on this server?
The correct answer is the Print Spooler service. A primary principle of server hardening is to reduce the attack surface by disabling any unnecessary services. On a dedicated web server, printing functions are not required. The Print Spooler service has been the subject of significant vulnerabilities, such as PrintNightmare, and cybersecurity agencies recommend disabling it on servers that do not need to print.
The DNS Client service is incorrect because it is essential for resolving domain names to IP addresses, which the server needs for tasks like contacting update servers or external APIs. The World Wide Web Publishing Service is the core IIS service responsible for serving web pages; disabling it would stop the server from performing its primary function. The Secure Shell (SSHD) service is typically required for secure remote administration and management of the server; while it should be secured, it is not usually disabled.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the Print Spooler service, and why is it disabled on servers?
Open an interactive chat with Bash
What is the role of the World Wide Web Publishing Service in IIS?
Open an interactive chat with Bash
Why is the DNS Client service essential for a web server?