A security technician is attempting to improve the overall security posture of an internal mail server.
Which of the following actions would BEST accomplish this goal?

A.
Monitoring event logs daily

B.
Disabling unnecessary services

C.
Deploying a content filter on the network

D.
Deploy an IDS on the network

Explanation:
One of the most basic practices for reducing the attack surface of a specific host is to disable unnecessary
services. Services running on a host, especially network services provide an avenue through which the
system can be attacked. If a service is not being used, disable it.
Incorrect Answers:
A: Monitoring event logs daily is good practice to view events that have happened. However, it does not
improve the security posture of the system. The event logs record things that have happened. They don’t
prevent things such as an attack from happening.
C: Content filtering is the process of inspecting the content of a web page as it is downloaded. The
content can then be blocked if it doesn’t comply with the company’s web policy. Content-control
software determines what content will be available or perhaps more often what content will be blocked.
Content filtering will not improve the overall security posture of a server.
D: An IDS (Intrusion Detection System) is used to detect attempts to access a computer systems on a
network. An IDS is a good idea to improve the security posture of the network. However, this question is
asking about improving the security posture of a specific computer (the email server). Therefore disabling
unnecessary services is a better answer.