CompTIA PenTest+ (PT0-001) — Question 15
A penetration tester observes that several high-numbered ports are listening on a public web server. However, the system owner says the application only uses port 443. Which of the following would be BEST to recommend?
Answer options
- A. Transition the application to another port.
- B. Filter port 443 to specific IP addresses.
- C. Implement a web application firewall.
- D. Disable unneeded services.
Correct answer: D
Explanation
The correct answer is D: the extra listening ports belong to services the application does not need, and disabling them reduces the attack surface and minimizes potential vulnerabilities. Options A and B act only on the application's own port and do not address the security risk posed by the other listening ports, while option C, although beneficial, does not directly resolve the issue of unnecessary services running on the server.