Which of the following would MOST effectively ensure that a new server is appropriately secured?
Which of the following would MOST effectively ensure that a new server is appropriately secured?
Conducting penetration testing most effectively ensures that a new server is appropriately secured because it involves simulating real-world attacks to identify vulnerabilities and weaknesses. This comprehensive evaluation allows for potential security issues to be identified and addressed before they can be exploited, ensuring that the server is secure from various types of threats.
You can not do a penn test everytime a new server is brought up
All of the options mentioned can contribute to ensuring that a new server is appropriately secured. However, if I had to choose the most effective option, I would go with option D, conducting penetration testing. Penetration testing involves simulating real-world attacks on the server to identify vulnerabilities and weaknesses in the system. This allows for a comprehensive evaluation of the server's security posture and helps identify potential entry points for unauthorized access. By performing penetration testing, any security vulnerabilities can be identified and addressed before they can be exploited by malicious actors.
Option A only focuses on technical controls but a pen test will test other forms of controls, like physical controls.
Have to argue that pen test is the answer here. Ensure means to make certain. Only option to ensure you are secure is to have a third party try to break into the server. Keep in mind physical security along with technical.
B to D are doing investigative or identifying threats only A is implementing control
ensure vs assure so going with A
A. Enforcing technical security standards
B. Performing secure code reviews
D. Conducting penetration testing