A security technician is attempting to improve the overall security posture of an internal mail server. Which of the following actions would BEST accomplish this goal?
A. Monitoring event logs daily
B. Disabling unnecessary services
C. Deploying a content filter on the network
D. Deploy an IDS on the network
Explanation:
One of the most basic practices for reducing the attack surface of a specific host is to disable unnecessary services. Services running on a host, especially network services, provide an avenue through which the system can be attacked. If a service is not being used, disable it.
Incorrect Answers:
A: Monitoring event logs daily is good practice to view events that have happened. However, it does not improve the security posture of the system. The event logs record things that have happened. They don’t prevent things such as an attack from happening.
C: Content filtering is the process of inspecting the content of a web page as it is downloaded. The content can then be blocked if it doesn’t comply with the company’s web policy. Content-control software determines what content will be available or, perhaps more often, what content will be blocked. Content filtering will not improve the overall security posture of a server.
D: An IDS (Intrusion Detection System) is used to detect attempts to access computer systems on a network. An IDS is a good idea to improve the security posture of the network. However, this question is asking about improving the security posture of a specific computer (the email server). Therefore, disabling unnecessary services is a better answer.