An IT security technician needs to establish host based security for company workstations. Which of the
following will BEST meet this requirement?

A.
Implement IIS hardening by restricting service accounts.

B.
Implement database hardening by applying vendor guidelines.

C.
Implement perimeter firewall rules to restrict access.

D.
Implement OS hardening by applying GPOs.

Explanation:
Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the
surface of vulnerability typically includes removing or disabling unnecessary functions and features,
removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and
disabling unnecessary services. This can be implemented using the native security features of an
operating system, such as Group Policy Objects (GPOs).
Incorrect Answers:
A: Internet Information Services (IIS) is a Windows service that allows a computer to function as a Web
Server. This is usually installed on a server rather than a workstation.
B: Database hardening will improve security for a database; it does not improve security for workstations.
C: Perimeter firewall rules can be used to restrict network access to host machines but this is a networkbased, and not a host-based, security mechanism.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 215, 227
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 202-206, 211