Joe, a technician, is tasked with finding a way to test operating system patches for a wide variety of
servers before deployment to the production environment while utilizing a limited amount of hardware
resources. Which of the following would provide the BEST environment for performing this testing?

A.
OS hardening

B.
Application control

C.
Virtualization

D.
Sandboxing

Explanation:
Virtualization is used to host one or more operating systems in the memory of a single host computer and
allows multiple operating systems to run simultaneously on the same hardware, reducing costs.
Virtualization offers the flexibility of quickly and easily making backups of entire virtual systems, and
quickly recovering the virtual system when errors occur. Furthermore, malicious code compromises of
virtual systems rarely affect the host system, which allows for safer testing and experimentation.
Incorrect Answers:
A: Operating System (OS) hardening is the process of securing a system by reducing its surface of
vulnerability. Reducing the surface of vulnerability typically includes removing unnecessary functions and
features, removing unnecessary usernames or logins and disabling unnecessary services. It is a process
for securing the system rather than an environment that can be used for testing patches and updates.
B: Application control is used to specify which applications can be installed on a device, or to specify the
settings the applications on a device use. It is often implemented to support a security baseline or
maintain other forms of compliance. It can also be used to reduce exposure to malicious applications by
limiting the user’s ability to install apps that come from unknown sources or that offer non-work-related
features.
D: Sandboxing is the process of isolating a system before installing new applications on it so as to restrict
any potential malware that may be embedded in the new application from being able to cause harm to
production systems. It does not ensure that the latest kernel version with all current security fixes is
installed on the system

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 201-203, 204-205, 215-217
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 37, 237, 250