As part of a new industry regulation, companies are required to utilize secure, standardized OS settings. A technical must ensure the OS settings are hardened. Which of the following is the BEST way to do this?
A.
Use a vulnerability scanner.
B.
Use a configuration compliance scanner.
C.
Use a passive, in-line scanner.
D.
Use a protocol analyzer.
I’m not so sure about this one. A V-scanner will find open ports and missing patches, but a config compliance scanner will confirm software/patches/overall configurations.
https://security.calpoly.edu/content/network-config
1
0
I’m thinking B
5
0
Has to be B.
3
0
The link provided, albeit very interesting, deals with NETWORK configuration. We are not talking about network in here, We are talking about an Operating System.
A Vulnerability scanning is an inspection of the potential points of exploit on a computer or network to identify security holes. A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures. So I stick with A
0
3
https://support.tenable.com/support-center/nessus_compliance_checks.pdf
Start at page 5.
B.
1
0