Reducing Attack Surface | Infrastructure Changes | CompTIA CySA+ Exam

Reducing Attack Surface

Prev Question Next Question

Question

A security analyst needs to reduce the overall attack surface.

Which of the following infrastructure changes should the analyst recommend?

Answers

A. Implement a honeypot.

B. Air gap sensitive systems.

C. Increase the network segmentation.

D. Implement a cloud-based architecture.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

https://www.securitymagazine.com/articles/89283-ways-to-reduce-your-attack-surface

4, Segment Your Network

You may already have perimeters around your network to
protect the whole system, but segmenting your networks still
makes a whole of sense, as it helps to reduce the attack
surface by increasing the number of barriers an attacker
encounters when attempting to travel through the network.

Ina microsegmented world, we are able to drive s

ecurity
controls down to a single machine, partition, workload or
application. Network segmentation not only helps to reduce
the sum total of exploitable assets, but it also helps minimize
dwell time (the time cybercriminals spend undetected on
networks) by effectively putting “quick sand” in attackers’
paths to stop them in their tracks.

The security analyst needs to reduce the overall attack surface, which means minimizing the number of points that can be targeted by an attacker. The following infrastructure changes could help achieve this goal:

A. Implement a honeypot: A honeypot is a decoy system that is designed to be attractive to attackers. The purpose of a honeypot is to distract attackers from the real systems and to gather information about their tactics and techniques. While a honeypot can be a valuable tool for detecting and analyzing attacks, it does not necessarily reduce the attack surface.

B. Air gap sensitive systems: Air-gapping is a security measure that physically isolates a computer or network from any other unsecured networks. This technique is typically used for highly sensitive systems that must be protected from any potential attack. While air-gapping can be an effective way to reduce the attack surface, it can also limit the functionality of the system and may not be practical in all situations.

C. Increase the network segmentation: Network segmentation involves dividing a network into smaller subnetworks, which can improve security by limiting the potential impact of an attack. By dividing the network into smaller, more manageable segments, an attacker who gains access to one segment will not necessarily be able to access other segments. This can help to limit the overall attack surface and improve the overall security posture of the organization.

D. Implement a cloud-based architecture: A cloud-based architecture can provide a number of benefits, including scalability, availability, and resilience. By moving systems and applications to the cloud, an organization can reduce the attack surface by outsourcing some of the security responsibilities to the cloud provider. However, this also introduces new security risks, and the organization must ensure that the cloud provider has appropriate security controls in place.

Based on the options provided, the most appropriate infrastructure change to reduce the overall attack surface would be to increase network segmentation.

Prev Question Next Question