Exam SK0-005 topic 1 question 195 discussion

B. Disable unneeded physical ports. Disabling USB ports or any other physical ports not required for the server's operation can prevent unauthorized access through bootable external devices. This directly addresses the concern by making it impossible to connect and boot from an outside USB drive. C. Set a BIOS password. By setting a BIOS (or UEFI) password, you ensure that changes to the server's boot order or other critical firmware settings cannot be made without authentication. This prevents an unauthorized user from configuring the server to boot from an external device, such as a USB drive.

To reduce the risk of a rogue employee booting a server from an outside USB drive, the following actions should be taken: B. Disable unneeded physical ports. By disabling unneeded physical USB ports, it prevents anyone from plugging in an unauthorized USB drive or any other external device. C. Set a BIOS password. Setting a BIOS or UEFI password restricts access to the system's firmware settings, ensuring that boot order and other critical settings can't be changed without the correct password. So, the correct answers are: B. Disable unneeded physical ports. C. Set a BIOS password.

The two actions that can be taken to reduce the risk of a rogue employee booting a server from an outside USB drive are: B. Disable unneeded physical ports: By disabling physical ports such as USB ports, the ability of a rogue employee to boot a server from an outside USB drive can be significantly reduced. C. Set a BIOS password: Setting a BIOS password can prevent unauthorized access to the BIOS and boot options, which can help prevent a rogue employee from booting the server from an outside USB drive. Note that while the other options listed (A, D, E, and F) may be useful security measures, they do not directly address the specific risk of a rogue employee booting a server from an outside USB drive.