CompTIA Security+ (SY0-501) — Question 1006

As part of a new industry regulation, companies are required to utilize secure, standardized OS settings. A technical must ensure the OS settings are hardened.
Which of the following is the BEST way to do this?

Answer options

• A. Use a vulnerability scanner.
• B. Use a configuration compliance scanner.
• C. Use a passive, in-line scanner.
• D. Use a protocol analyzer.

Correct answer: B

Explanation

The correct answer is B, as a configuration compliance scanner specifically checks whether OS settings adhere to defined security standards and best practices. While a vulnerability scanner (A) identifies weaknesses, it does not ensure compliance with standards. Passive, in-line scanners (C) monitor traffic but do not assess OS settings, and protocol analyzers (D) capture network traffic without focusing on configuration compliance.