A cybersecurity team has witnessed numerous vulnerability events recently that have affected operating systems. The team decides to implement host-based IPS, firewalls and two-factor authentication. Which of the following does this most likely describe?
System hardening refers to the process of securing a system by reducing its attack surface and minimizing vulnerabilities. To achieve this, specific security measures like host-based intrusion prevention systems (HIPS), firewalls, and two-factor authentication (2FA) are commonly implemented. These are measures aimed at configuring and safeguarding operating systems against potential breaches and cyber threats, focusing on enhancing the overall security posture of individual systems.
While system hardening focuses on strengthening the security posture of individual endpoints and network perimeters through specific security measures like host-based IPS, firewalls, and 2FA, SASE takes a broader approach by integrating these capabilities into a unified cloud-native service. SASE aims to provide secure access to applications and data from anywhere, emphasizing scalability, flexibility, and enhanced user experience across distributed environments.
A. System Hardening System hardening enhances the security of an operating system, application, device, or service by reducing its attack surface. Hardening involves enabling or disabling specific features and restricting access to sensitive areas of the system, such as protected operating system files, windows registry, configuration files, and logs. Hardening includes disabling unnecessary services, limiting user privileges, patching the operating system, and many other changes. Best-practice hardening configurations can be very complex. Examples of best-practice hardening guides include DoD STIGs (https://public.cyber.mil/stigs/) and CIS Benchmarks™ (https://www.cisecurity.org/cis-benchmarks/). Version 1.0.0 of the CIS Microsoft Windows 11 Enterprise Benchmark contains over 1,200 pages of recommendations.
A. System hardening refers to the process of securing a system by reducing its attack surface and minimizing vulnerabilities.
HIPS and Firewalls tells us that there is connections to the systems through internet or its software-defined wide area networking (SD-WAN) and Zero Trust security solutions are implemented into a converged cloud-delivered platform to securely connect users, systems, endpoints, and remote networks to apps and resources. I go with D
I believe it would be D, SASE. Secure Access Service Edge (SASE) is a cloud architecture model that combines network and security-as-a-service functions together and delivers them as a single cloud service.
this would be the correct answer IF they didn't implement "host-based IPS", host-based isn't cloud
Harding is the act of creating rules and policies to govern an operating system