Which of the following should the analyst recommend to prevent a recurrence of this risk exposure?

An organization has specific technical nsk mitigation configurations that must be implemented before a new server can be approved for production Several critical servers were recently deployed with the antivirus missing unnecessary ports disabled and insufficient password complexity .

Which of the following should the analyst recommend to prevent a recurrence of this risk exposure?
A . Perform password-cracking attempts on all devices going into production
B. Perform an Nmap scan on all devices before they are released to production
C. Perform antivirus scans on all devices before they are approved for production
D. Perform automated security controls testing of expected configurations pnor to production

View Answer

Answer: D

Explanation:

Automated security controls testing is a method that uses tools or scripts to verify that the security controls of a system or device are configured correctly and comply with the organization’s policies and standards. Performing automated security controls testing of expected configurations prior to production would help prevent a recurrence of the risk exposure caused by missing antivirus, unnecessary ports enabled, and insufficient password complexity. Performing password-cracking attempts, Nmap scans, or antivirus scans on all devices before they are released to production are other methods that can help detect some security issues, but they are not as comprehensive or efficient as automated security controls testing.

Reference: https://www.nist.gov/system/files/documents/2017/04/28/sp800-115.pdf