Certified Information Systems Security Professional (CISSP) — Question 463
A web developer is completing a new web application security checklist before releasing the application to production. The task of disabling unnecessary services is on the checklist. Which web application threat is being mitigated by this action?
Answer options
- A. Session hijacking
- B. Security misconfiguration
- C. Broken access control
- D. Sensitive data exposure
Correct answer: B
Explanation
Disabling unnecessary services helps prevent security misconfiguration, because every service left enabled without need adds to the application's attack surface. This action does not directly prevent session hijacking, broken access control, or sensitive data exposure, which are separate classes of security issue.