Which of the following describes the process of removin…

Which of the following describes the process of removing unnecessary accounts and services from an application to reduce risk exposure?

Which of the following describes the process of removing unnecessary accounts and services from an application to reduce risk exposure?

A.
Error and exception handling

B.
Application hardening

C.
Application patch management

D.
Cross-site script prevention

Explanation:
Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing unnecessary
functions and features, removing unnecessary usernames or logins and disabling unnecessary services.
Incorrect Answers:
A: Error handling is an aspect of secure coding. When errors occur, the system should revert back to a secure state. This must be coded into the system, and
should include error and exception handling.
C: Patch management is the process of maintaining the latest source code for applications and operating systems. This helps protect a systems from newly
discovered attacks and vulnerabilities.
D: Cross-site scripting (XSS) is a form of malicious code-injection attack on a web server in which an attacker injects code into the content sent to website visitors.
XSS can be mitigated by implementing patch management on the web server, using firewalls, and auditing for suspicious activity.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 215-217, 220
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 231-



Leave a Reply 0

Your email address will not be published. Required fields are marked *