A security analyst on the threat-hunting team has developed a list of unneeded, benign services that are currently running as part of the standard OS deployment for workstations.
The analyst will provide this list to the operations team to create a policy that will automatically disable the services for all workstations in the organization.
Which of the following BEST describes the security analyst's goal?
A. B. C. D.
Answer: B.
The security analyst's goal, in this scenario, is to reduce the attack surface of the organization's workstations by disabling unneeded, benign services.
The attack surface refers to the potential entry points for an attacker to gain unauthorized access to a system or network. The larger the attack surface, the greater the potential for an attacker to find a vulnerability and exploit it. Therefore, reducing the attack surface is a key component of any effective cybersecurity strategy.
In this case, the security analyst has identified a list of unneeded, benign services that are running on the organization's workstations. By providing this list to the operations team to create a policy that will automatically disable these services, the security analyst is effectively reducing the attack surface of the organization's workstations.
Disabling unneeded services can also improve system performance by reducing the amount of system resources that are being consumed. However, the primary goal in this scenario is to reduce the attack surface, not optimize system performance.
Improving malware detection typically involves implementing security controls such as antivirus software, intrusion detection systems, and security information and event management (SIEM) systems. While disabling unneeded services can help to reduce the likelihood of a successful malware infection, it is not the primary goal of this exercise.
Creating a system baseline involves documenting the standard configuration of a system, including hardware, software, and configuration settings. While this exercise may involve identifying and documenting the services that are running on the organization's workstations, the primary goal in this scenario is to reduce the attack surface, not create a system baseline.