What action is recommended for any required services, protocols, or daemons that are insecure?


Multiple Choice

What action is recommended for any required services, protocols, or daemons that are insecure?

Explanation:
When a required service, protocol, or daemon is insecure, you don’t abandon it or ignore the risk. The proper approach is to add compensating controls to reduce the risk so the service can remain in use without exposing the environment to heightened threats. This means implementing additional security features and safeguards around that service, such as enabling strong encryption for communications (for example, TLS with up-to-date ciphers), enforcing strong authentication, applying the latest patches and secure configurations, disabling deprecated options, restricting access with firewalls and precise access controls, and enhancing monitoring and logging. You may also segment the network to limit exposure and implement controls like rate limiting or intrusion detection where appropriate. The goal is to bring the overall risk to an acceptable level while still meeting operational needs. Removing or ignoring insecure services would either disrupt operations or leave the system vulnerable, which is not acceptable.