A network administrator is responsible for securing applications against external attacks. Every month,
the underlying operating system is updated. There is no process in place for other software updates.
Which of the following processes could MOST effectively mitigate these risks?

A. Application hardening
B. Application change management
C. Application patch management
D. Application firewall review
Explanation:
The question states that operating system updates are applied but other software updates are not. The
‘other software’ in this case would be applications. Software updates include functionality updates and,
more importantly, security updates. The process of applying software updates or ‘patches’ to applications
is known as ‘application patch management’. Application patch management is an effective way of
mitigating security risks associated with software applications.
Incorrect Answers:
A: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the
surface of vulnerability typically includes removing or disabling unnecessary functions and features,
removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and
disabling unnecessary services.
B: Application change management is the process of managing any changes to an application. It can
include updating an application by applying patches, but it also commonly includes making any
configuration change in the application.
D: Application firewall review is the process of reviewing the configuration of a software-based firewall.
The configuration under review is typically who can access the system and from where the system can be
accessed. It does not include the installation of application patches.
References:
http://www.techopedia.com/definition/24833/hardening
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 215-217