A Human Resources user is issued a virtual desktop typically assigned to Accounting employees. A system
administrator wants to disable certain services and remove the local accounting groups installed by
default on this virtual machine. The system administrator is adhering to which of the following security
best practices?

A.
Black listing applications

B.
Operating System hardening

C.
Mandatory Access Control

D.
Patch Management

Explanation:
Operating System hardening is the process of securing the operating system by reducing its surface of
vulnerability. Reducing the surface of vulnerability typically includes removing unnecessary functions and
features, removing unnecessary usernames or logins and disabling unnecessary services.
Incorrect Answers:
A: Blacklising applications is a security stance that allows all applications to run on a system except those
exceptions that are explicitly denied. It is the opposite of whitelisting, in which all applications are denied
except those that are explicitly allowed to run.
C: Mandatory Access Control (MAC) is a form of access control that specifies that levels of access based
on the sensitivity of the object being accessed. It uses sensitivity labels, security domains, or
classifications. It defines specific security domains or sensitivity levels and uses the associated labels from
those security domains to impose access control on objects and subjects.
D: Patch management is the process of maintaining the latest source code for applications and operating
systems. This helps protect a systems from known attacks and vulnerabilities, but not from unknown
vulnerabilities

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 215-217, 220, 221, 236
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 231-232, 240,
278-279
http://www.techopedia.com/definition/24833/hardening