Secure and Standardized OS Settings | Best Practices for Hardening OS | CompTIA SY0-601

Best Practices for Hardening OS Settings

Prev Question Next Question

Question

As part of a new industry regulation, companies are required to utilize secure, standardized OS settings.

A technical must ensure the OS settings are hardened.

Which of the following is the BEST way to do this?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

B.

To ensure that the OS settings are hardened, the BEST way is to use a configuration compliance scanner (option B).

A configuration compliance scanner is a tool that checks the settings of a system against a predefined standard or configuration baseline. It identifies the deviations from the standard and generates a report of non-compliant settings. This report can be used to fix the deviations and ensure that the system is configured according to the required standard.

Using a vulnerability scanner (option A) is not the best way to harden the OS settings. A vulnerability scanner is a tool that identifies the vulnerabilities in the system, but it does not provide guidance on how to configure the system to prevent those vulnerabilities.

Using a passive, in-line scanner (option C) is not appropriate for this task. A passive, in-line scanner is a tool that monitors network traffic for security events but does not check the system's settings.

Using a protocol analyzer (option D) is not an effective way to harden the OS settings. A protocol analyzer is a tool that captures and analyzes network traffic. It does not provide information about the system's settings or how to configure the system according to a standard.

In summary, the BEST way to ensure that the OS settings are hardened is to use a configuration compliance scanner.