CompTIA SecurityX (CAS-005) — Question 193

A security architect must make sure that the least number of services as possible is exposed in order to limit an adversary's ability to access the systems. Which of the following should the architect do first?

Answer options

• A. Enforce Secure Boot.
• B. Perform attack surface reduction.
• C. Disable third-party integrations.
• D. Limit access to the systems.

Correct answer: B

Explanation

The correct answer is B, as performing attack surface reduction directly addresses the need to limit the number of exposed services, thereby decreasing potential vulnerabilities. Options A, C, and D are also important security measures but do not specifically target the reduction of exposed services as effectively as attack surface reduction does.