CompTIA Security+ (SY0-501) — Question 216
An organization has hired a penetration tester to test the security of its ten web servers. The penetration tester is able to gain root/administrative access on several of the servers by exploiting vulnerabilities in the implementations of SMTP, POP, DNS, FTP, Telnet, and IMAP.
Which of the following recommendations should the penetration tester provide to the organization to better protect their web servers in the future?
Answer options
- A. Use a honeypot
- B. Disable unnecessary services
- C. Implement transport layer security
- D. Increase application event logging
Correct answer: B
Explanation
The best recommendation is to disable unnecessary services: none of the exploited protocols (SMTP, POP, DNS, FTP, Telnet, IMAP) is required for serving web content, so removing them shrinks the attack surface and eliminates the vulnerabilities that were exploited. A honeypot can be useful for observing attacks, but it does not secure the servers themselves. Transport layer security protects data in transit but does not address the vulnerable services. Increased application event logging aids monitoring but does not prevent exploitation of those services.