PrepAway - Latest Free Exam Questions & Answers

The security administrator is determining the:

A set of standardized system images with a pre-defined set of applications is used to build end-user
workstations. The security administrator has scanned every workstation to create a current inventory of
all applications that are installed on active workstations and is documenting which applications are outof-date and could be exploited. The security administrator is determining the:

PrepAway - Latest Free Exam Questions & Answers

A.
attack surface.

B.
application hardening effectiveness.

C.
application baseline.

D.
OS hardening effectiveness.

Explanation:
In this question, we have out-of-date applications that could be exploited. The out-of-date applications
are security vulnerabilities. The combination of all vulnerabilities that could be exploited (or attacked) is
known as the attack surface.The attack surface of a software environment is the sum of the different points (the “attack vectors”)
where an unauthorized user (the “attacker”) can try to enter data to or extract data from an
environment.
The basic strategies of attack surface reduction are to reduce the amount of code running, reduce entry
points available to untrusted users, and eliminate services requested by relatively few users. One
approach to improving information security is to reduce the attack surface of a system or software. By
turning off unnecessary functionality, there are fewer security risks. By having less code available to
unauthorized actors, there will tend to be fewer failures. Although attack surface reduction helps prevent
security failures, it does not mitigate the amount of damage an attacker could inflict once a vulnerability
is found.
Incorrect Answers:
B: Determining the application hardening effectiveness would be the process of testing an application for
vulnerabilities after it has been updated or patched (hardened). In this question, the applications are outof-date so they have not been ‘hardened’.
C: An application baseline is a standard configuration for an application or set of applications. The process
of documenting which applications are out-of-date and could be exploited is not performed to determine
an application baseline.
D: Determining the OS (operating system) hardening effectiveness would be the process of testing an OS
for vulnerabilities after it has been updated or patched (hardened). In this question, nothing has been
done to harden the OS. The process of documenting which applications are out-of-date and could be
exploited is not performed to determine OS hardening effectiveness.

https://en.wikipedia.org/wiki/Attack_surface


Leave a Reply