Which of the following would MOST effectively ensure that a new server is appropriately secured?
Conducting penetration testing most effectively ensures that a new server is appropriately secured because it involves simulating real-world attacks to identify vulnerabilities and weaknesses. This comprehensive evaluation allows for potential security issues to be identified and addressed before they can be exploited, ensuring that the server is secure from various types of threats.
All of the options mentioned can contribute to ensuring that a new server is appropriately secured. However, if I had to choose the most effective option, I would go with option D, conducting penetration testing. Penetration testing involves simulating real-world attacks on the server to identify vulnerabilities and weaknesses in the system. This allows for a comprehensive evaluation of the server's security posture and helps identify potential entry points for unauthorized access. By performing penetration testing, any security vulnerabilities can be identified and addressed before they can be exploited by malicious actors.
You cannot do a pen test every time a new server is brought up.
Option A only focuses on technical controls but a pen test will test other forms of controls, like physical controls.
Ensure vs. assure, so going with A.
Have to argue that pen test is the answer here. Ensure means to make certain. Only option to ensure you are secure is to have a third party try to break into the server. Keep in mind physical security along with technical.
D. Conducting penetration testing
A. Enforcing technical security standards
B to D are doing investigative work or identifying threats; only A is implementing a control.
Enforcing technical security standards ensures that the server is configured and maintained according to best practices and security guidelines. These standards typically cover various aspects of server security, such as hardening, patch management, access controls, and monitoring. By adhering to these standards, organizations can systematically address security risks and vulnerabilities, leading to a more secure server environment.
B. Performing secure code reviews
Option A is just to wear the armor; to "ensure" it is secured, you will need to use a spear (Option D) to "test" it. My 2 cents.
Enforcing technical security standards as in the form of baseline configurations. Similar question exists in this question pool - they are just worded differently.