After provisioning a Linux VM, what is the first security hardening step you should perform?

Study for the CompTIA Cloud+ exam. Enhance your skills with flashcards and multiple choice questions, each supported by hints and explanations. Prepare effectively for your certification!

Multiple Choice

After provisioning a Linux VM, what is the first security hardening step you should perform?

Explanation:
The first thing to do is reduce the attack surface by disabling or removing services you don’t need and closing ports you don’t require. A freshly provisioned Linux VM often starts with multiple services enabled by default or from the image, and each active service or listening port can be a potential entry point for attackers. By auditing what’s running and which ports are open, then turning off unneeded services and blocking those ports with a firewall, you limit how an attacker could reach the system. This sets a safer baseline for later hardening steps and ensures only the essential components are exposed.

In practice, you’d check which services are enabled and actively running, stop and disable those that aren’t required for your workload, and remove unnecessary packages if appropriate. Then verify open ports and limit access to only what’s necessary, using firewall rules or security groups. After this, you can enable and harden the required services with secure configurations, proper authentication, and monitoring.

Why the other ideas don’t fit: adding more services only increases risk, leaving all services enabled maintains a broad attack surface, and enabling root login over SSH gives direct administrator access and is a well-known security risk—use a non-root user with sudo and prefer key-based authentication.
