CompTIA Security+ (SY0-701) — Question 410

Which of the following is the best security reason for closing service ports that are not needed?

Answer options

• A. To mitigate risks associated with unencrypted traffic
• B. To eliminate false positives from a vulnerability scan
• C. To reduce a system's attack surface
• D. To improve a system's resource utilization

Correct answer: C

Explanation

The correct answer is C because closing unneeded service ports decreases the number of potential entry points for attackers, thereby minimizing the attack surface. Options A, B, and D do not directly relate to the immediate benefits of port closure in terms of security; instead, they address different aspects of system management and risk.