A security administrator is hardening a new Linux web server before placing it in production. Which of the following actions would most effectively reduce the server's attack surface?
Enable guest SSH access so that troubleshooting is easier
Install additional compilers and development libraries for future debugging
Disable or uninstall all unnecessary services and close the corresponding ports
Configure the firewall to allow all outbound traffic and rely solely on IDS alerts
Removing or disabling services and their associated listening ports that are not required for the server's business function limits the number of network-accessible entry points an attacker can probe or exploit. In contrast, enabling guest SSH access, installing extra compilers and development libraries, or allowing unrestricted outbound traffic all expand the potential avenues for abuse and do not directly shrink the attack surface.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an attack surface?
Open an interactive chat with Bash
What are some examples of unnecessary services and ports?