CompTIA Security+ (SY0-601) — Question 519

A recent vulnerability scan revealed multiple servers have non-standard ports open for applications that are no longer in use. The security team is working to ensure all devices are patched and hardened. Which of the following would the security team perform to ensure the task is completed with minimal impact to production?

Answer options

• A. Enable HIDS on all servers and endpoints.
• B. Disable unnecessary services.
• C. Configure the deny list appropriately on the NGFW.
• D. Ensure the antivirus is up to date.

Correct answer: B

Explanation

Disabling unnecessary services reduces potential attack vectors and minimizes the risk of exploitation, making it the most effective approach. Enabling HIDS, configuring a deny list, and ensuring antivirus is up to date are all important security measures; however, they do not directly address the immediate concern of reducing open non-standard ports that could pose security risks.