CompTIA Cloud+ (CV0-003) — Question 369

A system administrator has provisioned a new web server. Which of the following, in combination, form the best practice to secure the server's OS? (Choose three.)

Answer options

• A. Install TLS certificates on the server.
• B. Forward port 80 traffic to port 443.
• C. Disable TLS 1.0/1.1 and SSL.
• D. Disable password authentication.
• E. Enable SSH key access only.
• F. Provision the server in a separate VPC.
• G. Disable the superuser/administrator account.
• H. Restrict access on port 22 to the IP address of the administrator's workstation.

Correct answer: E, G, H

Explanation

The correct answers E, G, and H focus on improving the security of the server by utilizing SSH key access, disabling the superuser account to minimize access risks, and restricting SSH access to a specific IP address to reduce the attack surface. Options A, B, C, and D are related to web server security or encryption but do not directly contribute to securing the OS itself, while F pertains to network isolation rather than OS security.