Which of the following preventative controls would be appropriate for responding to a directive to reduce the
attack surface of a specific host?
Implementing an IDS
Taking a baseline configuration
Disabling unnecessary services
Preventive controls are to stop something from happening. These can include locked doors that keep intruders
out, user training on potential harm (to keep them vigilant and alert), or even biometric devices and guards that
deny access until authentication has occurred. By disabling all unnecessary services, you would be reducing
the attack surface because then there is less opportunity for risk incidents to happen. There are many risks with
having many services enabled since a service can provide an attack vector that someone could exploit against
your system. It is, thus, best practice to enable only those services that are absolutely required.