Exam SY0-601 topic 1 question 710 discussion

My 5c here from a networking perspective The task is to harden endpoints A deny list on a FW is not hardening endpoints so that's out Of the choices left, enabling a HIDS is not really going to harden the endpoint, its essentially just detection and logging / alerting AV would definitely harden the system but still doesn't complete the task of closing the unused ports IMO Using the vulnerability scan results and list of apps no longer in use you can disable the unnecessary services which will stop the endpoints from listening on non-standard ports. I feel B fits best here as it actually addresses the result of the scan and would most likely also be the recommendation in the scan too.

applications that are no longer in use = services

It can't be 'B,' because for 1: it's a "Detection system," which is nowhere as good or sophisticated as a "Prevention system." and also 2: enabling HIDS still allows the unnecessary services/ports to still coexist with the HIDS. The HIDS will ONLY tell you when there is a problem, it doesn't do anything to stop it. Therefore, still allowing any problem to persist. If you disable unnecessary services (A.), then you stop the problem right at the source where it starts.

Here's why: Minimizing attack surface: By disabling unnecessary services, the security team reduces the attack surface of the servers. Services running on non-standard ports for applications that are no longer in use can be potential entry points for attackers. Disabling these services removes unnecessary points of vulnerability. Reducing resource utilization: Unnecessary services consume system resources such as CPU, memory, and network bandwidth. Disabling these services can free up resources, potentially improving the performance and stability of the servers without impacting production services.

B - This is because the question mentions that there are non-standard ports open for applications that are no longer in use. Disabling these unnecessary services would close these open ports and reduce potential attack vectors, without affecting the production environment.

Answer "A" has a minimal impact rather than "B" disabling unnecessary services

Try to paste same question couple times in ChatGPT. The answer is different (almost) every time

I could be mistaken with what they are looking for, but from a practical standpoint, there isn't a good way to determine what services can be disabled on production servers without causing an issue. The best and fastest way to protect the environment would be to have a good end point detection and response client first.