CompTIA Security+ (SY0-401) — Question 23

Which of the following preventative controls would be appropriate for responding to a directive to reduce the attack surface of a specific host?

Answer options

• A. Installing anti-malware
• B. Implementing an IDS
• C. Taking a baseline configuration
• D. Disabling unnecessary services

Correct answer: D

Explanation

Disabling unnecessary services directly reduces the number of potential entry points for attackers, effectively minimizing the attack surface. While installing anti-malware, implementing an IDS, and taking a baseline configuration are useful security measures, they do not specifically target the reduction of services that could be exploited on the host.