CompTIA CySA+ (CS0-002) — Question 379

An organization has specific technical risk mitigation configurations that must be implemented before a new server can be approved for production. Several critical servers were recently deployed with the antivirus missing, unnecessary ports disabled, and insufficient password complexity. Which of the following should the analyst recommend to prevent a recurrence of this risk exposure?

Answer options

• A. Perform password-cracking attempts on all devices going into production
• B. Perform an Nmap scan on all devices before they are released to production
• C. Perform antivirus scans on all devices before they are approved for production
• D. Perform automated security controls testing of expected configurations prior to production

Correct answer: D

Explanation

The correct answer, D, is the best recommendation as it ensures that all expected configurations are tested automatically before the servers go live, which directly addresses the identified issues. Options A and C do not provide a comprehensive solution for configuration management, and B, while useful for identifying open ports, does not address the overall configuration and security posture necessary before production.