A system administrator has provisioned a new web server. Which of the following, in combination, form the best practice to secure the server's OS? (Choose three.)
A. Install TLS certificates on the server.
B. Forward port 80 traffic to port 443.
C. Disable TLS 1.0/1.1 and SSL.
D. Disable password authentication.
E. Enable SSH key access only.
F. Provision the server in a separate VPC.
G. Disable the superuser/administrator account.
H. Restrict access on port 22 to the IP address of the administrator's workstation.
Disregard my previous comment, I believe it is EGH
E. Enable SSH key access only: SSH key-based authentication is more secure than password-based authentication because a private key is much harder to crack than a password. Additionally, SSH keys can be configured to require a passphrase, which adds an extra layer of security.
G. Disable the superuser/administrator account: Disabling the superuser/administrator account and using a non-privileged account for daily tasks can help prevent privilege escalation attacks. It is also a good practice to use a different account for administrative tasks and to avoid logging in as the root account.
H. Restrict access on port 22 to the IP address of the administrator's workstation: By restricting access to the server's SSH port to a specific IP address, the administrator can ensure that only authorized users are able to access the server. This can help prevent unauthorized access and potential attacks.
A. Install TLS certificates on the server. Installing TLS certificates ensures that data transmitted between the server and clients is encrypted, providing confidentiality and integrity of the data.
E. Enable SSH key access only. Enabling SSH key access only enhances security by requiring SSH key-based authentication, which is more secure than password-based authentication.
H. Restrict access on port 22 to the IP address of the administrator's workstation. Restricting access on port 22 to the administrator's IP address limits the potential attack surface by allowing only authorized connections to access the server via SSH.
These practices combined will significantly enhance the security of the server's OS.
C. Disable TLS 1.0/1.1 and SSL: Disabling outdated and vulnerable encryption protocols enhances the security of the server's OS by ensuring that only modern and secure protocols are used for communication.
E. Enable SSH key access only: This option enhances security by allowing access to the server only through SSH keys, which are generally more secure than passwords and provide stronger authentication.
H. Restrict access on port 22 to the IP address of the administrator's workstation: By limiting SSH access to specific IP addresses, particularly the administrator's workstation, this option adds an extra layer of security to prevent unauthorized access to the server.
Read carefully. "when in combination" and "to secure the server's OS".
The only 3 options that both relate to the OS's security AND relate to each other are DEH. They all relate to SSH (when in combination) and locking down protocols relates to OS security.
*mic drop*
CEH makes the most sense.
C. Disable TLS 1.0/1.1 and SSL.
E. Enable SSH key access only.
H. Restrict access on port 22 to the IP address of the administrator's workstation.
- TLS 1.0 / 1.1 is insecure and should be disabled
- Enabling SSH key access only negates the need to disable password auth
- Disabling the administrator account is not realistic in a business environment; you'll still need IT admins to have access.
- Restricting access to port and IP address of the admin workstation helps secure it the best
Disabling passwords scares me but I think that it is correct. Along with disabling admin account (standard admin). SSH key access on the other hand seems like a no-brainer.
The best practices to secure the server's OS in combination are:
A. Install TLS certificates on the server.
D. Disable password authentication.
E. Enable SSH key access only.
These three measures help to secure the web server by implementing encryption and securing the authentication process. By disabling password authentication and enabling SSH key access only, the server is less vulnerable to brute-force attacks. Installing TLS certificates on the server helps to encrypt communications, preventing data interception and tampering.
The best practices to secure a server's OS are:
C. Disable TLS 1.0/1.1 and SSL. This is because these protocols have known vulnerabilities and should not be used in a production environment.
D. Disable password authentication. This makes it more difficult for attackers to guess or crack user passwords.
E. Enable SSH key access only. This provides a more secure way of authenticating users and prevents password-based attacks.
Option A is not relevant to securing the OS but is instead related to securing the web application running on the server. Option B is not a security best practice, but rather a way to redirect HTTP traffic to HTTPS. Option F and G are not related to securing the server's OS but rather related to network and user management. Option H is a good security practice, but it is not sufficient on its own to secure the OS.
Therefore, the correct options are: C, D, and E.
I'll go with the following:
"C. Disable TLS 1.0/1.1 and SSL: TLS 1.0/1.1 and SSL have known vulnerabilities, so it's recommended to disable them to ensure secure communication.
D. Disable password authentication: Passwords can be guessed or stolen, so it's recommended to disable password authentication and use public key authentication instead.
E. Enable SSH key access only: Restrict access to the server to only those who possess the private key, which is much more secure than password authentication."
just to add more to clusterf...
C. Disable TLS 1.0/1.1 and SSL.
E. Enable SSH key access only.
G. Disable the superuser/administrator account.
Disabling TLS 1.0 and 1.1 and SSL will remove the vulnerabilities in older encryption protocols and ensure that the data is transmitted securely.
Enabling SSH key access only will provide a secure method of access to the server and reduce the risk of brute-force attacks on the server.
Disabling the superuser/administrator account will prevent the attacker from using the default credentials to gain access to the server.
Other options such as installing TLS certificates, forwarding port 80 traffic to port 443, disabling password authentication, provisioning the server in a separate VPC, and restricting access on port 22 to the IP address of the administrator's workstation, can also be considered as a best practice, but they are not as critical as disabling deprecated protocols, enabling key access, and disabling the superuser/administrator account.
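The SSH-related options debated in this thread (D, E and the remote-login side of G) map to separate `sshd_config` directives. The following is an added example, not part of the original discussion, that audits configuration text for them; the function names are hypothetical and the defaults are assumed to be those of upstream OpenSSH.

```python
# Added example (not from the thread): audit sshd_config text for options D, E, G.
# Assumption: upstream OpenSSH defaults; distribution builds may ship others.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}
# Older configs use the deprecated name for keyboard-interactive auth.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
WANTED = {
    "passwordauthentication": "no",        # option D
    "kbdinteractiveauthentication": "no",  # PAM password prompts count too
    "pubkeyauthentication": "yes",         # option E
    "permitrootlogin": "no",               # SSH-facing part of option G
}

def effective_settings(config_text):
    """Global-scope values; sshd keeps the FIRST value it reads per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()              # keywords are case-insensitive
        if key == "match":
            break                           # conditional blocks are not audited
        key = ALIASES.get(key, key)
        if key in DEFAULTS and len(parts) > 1 and key not in seen:
            seen[key] = parts[1].lower()
    return {**DEFAULTS, **seen}

def audit(config_text):
    """Return {keyword: effective value} for each setting that misses WANTED."""
    eff = effective_settings(config_text)
    return {k: v for k, v in eff.items() if v != WANTED[k]}

# Constructed samples. In WEAK the later "no" is ignored: first value wins.
WEAK = "PubkeyAuthentication yes\nPasswordAuthentication yes\nPasswordAuthentication no\n"
HARDENED = ("PasswordAuthentication no\nChallengeResponseAuthentication no\n"
            "PubkeyAuthentication yes\nPermitRootLogin no\n")

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```

`Include` files are not followed here; on an installed server, `sshd -T` prints the effective configuration.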
CV0-003 Exam Questions