A recently installed application update caused a vital application to crash during the middle of the workday. The application remained down until a previous version could be reinstalled on the server, and this resulted in a significant loss of data and revenue.
Which of the following could BEST prevent this issue from occurring again?
A. Application configuration baselines
B. Application hardening
C. Application access controls
D. Application patch management
Explanation:
Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect systems from newly discovered attacks and vulnerabilities. Part of patch management is testing vendor updates on a test system first to ensure that they do not have detrimental effects on the system. If the updates have no detrimental effects on the test systems, the production systems are backed up before the updates are applied to production.
Incorrect Answers:
A: Application configuration baselining is the process of tuning the settings of an application to ensure it operates at its optimal value while providing security and vulnerability protection.
B: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services. Hardening also involves tuning and configuring the native security features of the installed software and performing patch management.
C: Access control, or permissions, determines a user's access to an object, such as a file or folder, application, or system. It does not prevent system crashes due to application updates.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 231-232, 235
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp. 215-217, 219, 220