Certified Information Systems Security Professional (CISSP) — Question 451

Which of the following is the BEST option to reduce the network attack surface of a system?

Answer options

• A. Disabling unnecessary ports and services
• B. Ensuring that there are no group accounts on the system
• C. Uninstalling default software on the system
• D. Removing unnecessary system user accounts

Correct answer: A

Explanation

The correct answer is A because disabling unnecessary ports and services directly limits the potential entry points an attacker could exploit. While options B, C, and D also enhance security, they do not directly address the attack surface as effectively as managing network access does.