When implementing hardening techniques on a company's main database server to minimize its attack surface, which of the following measures should be taken FIRST?
Conduct a vulnerability scan to identify and fix security flaws.
Update the server to the latest stable OS version and apply all available security patches.
Configure the firewall to allow only essential traffic.
Implement account lockout policies after several failed login attempts.