After installing Linux, which step best reduces the attack surface?

Study for the CompTIA Cloud+ exam. Enhance your skills with flashcards and multiple choice questions, each supported by hints and explanations. Prepare effectively for your certification!

Multiple Choice

After installing Linux, which step best reduces the attack surface?

Explanation:
Minimizing the attack surface by removing unneeded services and closing unused ports is the key idea here. When Linux is installed, it often ships with multiple services enabled or listening on various ports by default. Each running service and open port is a potential entry point for an attacker, so reducing what’s active and what’s reachable cuts down the opportunities for compromise without necessarily sacrificing needed functionality.

Uninstalling and disabling unnecessary services and ports that aren’t needed embodies this approach. It aligns with the practical security principle of least functionality: you expose only what is essential for your workload. By removing unused services and blocking ports that aren’t required, you limit the avenues an attacker could exploit and make monitoring and later hardening steps more effective.

Why the other ideas are less suitable: disabling all services by default would likely cripple legitimate operations and complicate maintenance, making the system unusable. Leaving ports open for easy access increases risk by granting broad access to the system. Installing many extra services unnecessarily expands the surface area and introduces more components that could have vulnerabilities.

In practice, you would identify which services are needed, shut down and disable the rest, remove unnecessary packages, and use a firewall to block or limit access to nonessential ports. This focused hardening is the most effective way to reduce exposure while keeping the system functional.
