
CompTIA Security+ (Plus): What Is the Most Effective Way to Reduce Web Application’s Attack Surface?

How can a company most effectively reduce the attack surface of its web application? Learn why disabling unused services and ports minimizes entry points for attackers—essential for CompTIA Security+ (Plus) SY0-701 exam success.


Question

A company wants to reduce the attack surface of its web application. Which action would be most effective?

A. Using default administrator credentials
B. Disabling unused services and ports
C. Implementing a guest network
D. Running applications in compatibility mode
E. Enabling remote desktop access

Answer

B. Disabling unused services and ports

Explanation

Reducing the number of services and open ports minimizes potential entry points for attackers.

The most effective action to reduce the attack surface of a web application is disabling unused services and ports.

The attack surface consists of all the points where an attacker could try to enter or extract data from a system, including open network ports, running services, APIs, and application features.

Every unnecessary service or open port adds potential vulnerabilities and entry points for attackers. Disabling or removing them reduces exposure and limits what attackers can target.

Industry best practices and security frameworks recommend regularly reviewing and disabling all services, protocols, and ports that are not required for business operations. This process is known as system hardening and is foundational for minimizing risk.

Firewalls and network segmentation help, but for maximum effectiveness unused services and open ports should also be disabled at the host and application levels, so that nothing is listening even if a network control fails.

Other measures, like using strong access controls and patching, are important, but directly reducing the number of active services and open ports is the most immediate and impactful way to shrink the attack surface of a web application.

Disabling unnecessary services and closing unused ports directly reduces potential entry points, significantly minimizing the attack surface and improving the security posture of a web application.
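As an added example (not from the original page), the host-level check a practitioner would run after reading the explanation above: a Python audit that parses `ss -tlnp` output for listening TCP sockets and flags every port not on an allowlist of ports the web application genuinely needs, separating network-exposed listeners from loopback-only ones. The `ss` output below is a constructed sample; the allowlist and the service names in it are assumptions.

```python
import re
from dataclasses import dataclass

# Addresses reachable only from the host itself (not network-exposed).
LOOPBACK = {"127.0.0.1", "::1", "[::1]"}

# One data row of `ss -tlnp`: state, queues, local addr:port, peer, process.
ROW = re.compile(
    r"^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+?):(?P<port>\d+)\s+\S+"
    r'(?:\s+users:\(\("(?P<proc>[^"]+)")?'
)

# Constructed sample of `ss -tlnp` output for a hypothetical web host.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       511     0.0.0.0:443          0.0.0.0:*          users:(("nginx",pid=812,fd=7))
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=812,fd=6))
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=640,fd=3))
LISTEN  0       4096    127.0.0.1:3306       0.0.0.0:*          users:(("mysqld",pid=900,fd=21))
LISTEN  0       32      0.0.0.0:21           0.0.0.0:*          users:(("vsftpd",pid=1102,fd=4))
LISTEN  0       511     [::]:443             [::]:*             users:(("nginx",pid=812,fd=8))
"""

@dataclass(frozen=True)
class Listener:
    port: int
    addr: str
    process: str
    exposed: bool  # True when bound to a non-loopback address

def parse_ss(output: str) -> list[Listener]:
    """Turn `ss -tlnp` text into Listener records; the header row is skipped."""
    found = []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        addr = m.group("addr")
        found.append(Listener(int(m.group("port")), addr,
                              m.group("proc") or "?", addr not in LOOPBACK))
    return found

def unexpected_listeners(output: str, allowed_ports: set[int]) -> list[Listener]:
    """Listeners whose port is not on the allowlist, network-exposed ones first."""
    extra = [lsn for lsn in parse_ss(output) if lsn.port not in allowed_ports]
    return sorted(extra, key=lambda lsn: (not lsn.exposed, lsn.port))

if __name__ == "__main__":  # assumed allowlist: web traffic plus admin SSH
    for lsn in unexpected_listeners(SAMPLE_SS, {22, 80, 443}):
        print(lsn.port, lsn.process, "EXPOSED" if lsn.exposed else "loopback-only")
```

On a real host, feed it the live output of `ss -tlnp` and treat every flagged listener as a service to justify, disable, or remove; a loopback-only listener is less exposed but is still a running service to review.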

CompTIA Security+ (Plus) SY0-701 certification exam practice questions and answers (Q&A) with detailed explanations and references, available free, to help you pass the CompTIA Security+ (Plus) SY0-701 exam and earn the CompTIA Security+ (Plus) SY0-701 certification.