Which of the following should the cybersecunty analyst recommend to harden the server?

A cybersecunty analyst needs to harden a server that is currently being used as a web server. The server needs to be accessible when entenng www company com into the browser Additionally web pages require frequent updates which are performed by a remote contractor.

Given the following output:

Which of the following should the cybersecunty analyst recommend to harden the server? (Select TWO).
A . Uninstall the DNS service
B. Perform a vulnerability scan
C. Change the server’s IP to a private IP address
D. Disable the Telnet service
E. Block port 80 with the host-based firewall
F. Change the SSH port to a non-standard port

View Answer

Answer: D,F

Explanation:

Disabling the Telnet service would harden the server by removing an insecure protocol that transmits data in cleartext and could allow unauthorized access to the server. Changing the SSH port to a non-standard port would harden the server by reducing the exposure to brute-force attacks or port scans that target the default SSH port (22). Uninstalling the DNS service, performing a vulnerability scan, changing the server’s IP to a private IP address, or blocking port 80 with the host-based firewall would not harden the server or could affect its functionality as a web server.

Reference: https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html