A security engineer is preparing an embedded industrial controller that runs a real-time operating system (RTOS) for deployment on the plant network. Which of the following hardening actions will BEST reduce the attack surface of the controller before it is placed into production?
Allow unrestricted inbound and outbound traffic on all ports and protocols.
Run every process with administrative privileges to avoid permission-related latency.
Enable the vendor's remote debugging service so developers can troubleshoot in production.
Remove or disable all nonessential services and applications on the RTOS.
Removing or disabling all nonessential services and applications is a fundamental hardening practice for any operating system and is explicitly recommended for RTOS devices. Limiting functionality to only what the device requires eliminates unnecessary listening ports and code paths that attackers could exploit.
Allowing unrestricted traffic (choice B) widens, rather than reduces, the attack surface.
Enabling remote debugging (choice C) leaves powerful interfaces exposed to attackers.
Running every process with administrative privileges (choice D) violates least-privilege principles and increases potential damage from a compromise.