A network administrator is responsible for securing applications against external attacks. Every month, the underlying operating system is updated. There is no
process in place for other software updates.

Which of the following processes could MOST effectively mitigate these risks?

A.
Application hardening

B.
Application change management

C.
Application patch management

D.
Application firewall review

Explanation:
The question states that operating system updates are applied but not other software updates. The `other software’ in this case would be applications. Software
updates includes functionality updates and more importantly security updates. The process of applying software updates or `patches’ to applications is known as
`application patch management’. Application patch management is an effective way of mitigating security risks associated with software applications.
Incorrect Answers:
A: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or
disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling
unnecessary services.
B: Application change management is the processing of managing any changes to an application. It can include updating an application by applying patches but it
also commonly includes making any configuration change in the application.
D: Application firewall review is the process of reviewing the configuration of a software based firewall. The configuration under review is typically who can access
the system and from where the system can be accessed. It does not include the installation of application patches.

http://www.techopedia.com/definition/24833/hardening
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 215-217