Which three items are Cisco best-practice recommendations for securing a network? (Choose
three.)
A.
Routinely apply patches to operating systems and applications.
B.
Disable unneeded services and ports on hosts.
C.
Deploy HIPS software on all end-user workstations.
D.
Require strong passwords, and enable password expiration.
Explanation:
Disable Unused Services
As a security best practice, any unnecessary service must be disabled. These unneeded services,
especially those that use User Datagram Protocol (UDP), are infrequently used for legitimate
purposes, but can be used in order to launch DoS and other attacks that are otherwise prevented
by packet filtering.
The TCP and UDP small services must be disabled. These services include:
It is also recommended to routinely apply patches to fix bugs and other vulnerabilities and to
require strong passwords with password expiration
Reference: Cisco Guide to Harden Cisco IOS Devices
http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html