Q: 9
Which of the following management process allows ONLY those services required for users to
accomplish
their tasks, change default user passwords, and set servers to retrieve antivirus updates?
Options
Discussion
Pretty sure A: is what I picked. Had a similar scenario in my exam last year, config mgmt covered disabling services and default password changes. Changing ongoing user creds would be more Identity. Pretty sure on this one but let me know if anyone disagrees.
A tbh. Restricting unnecessary services and setting baseline configs is classic config management, even with that password change mention. It's not Identity if we're just talking about changing defaults one time. Anyone see legit CISSP practice where this wasn't config mgmt?
Not B, A. Changing default passwords might seem like identity, but limiting services and AV updates make config the right call. The identity trap gets people.
Had something like this in a mock and I went with B. Changing default passwords felt like an identity management move, even though the other actions lean config. Might be overthinking it, but that's what I'd pick here-thoughts?
Its A. Option B seems close but the disabling of services and pushing AV updates is way more config than identity. Not 100 percent sure since passwords come up, but all together these sound like secure configuration tasks. Disagree?
Config management covers allowing only necessary services and changing default passwords, plus setting AV updates. I've seen questions like this in the official study guide and practice exams, pretty sure A is it here. Someone feel different?
D , unless changing defaults counts as config, then maybe A.
Option A makes sense. Had something similar in my practice set and config was the answer, since restricting services and updating AV are config management basics. Not 100 percent sure with the password bit though, since that sometimes trips me up.
A because it's all config management stuff: limiting services, default password changes and AV updates are classic CISSP secure baseline actions. Pretty sure that's what ISC2 is testing for here despite the password bit.
B. not A
Be respectful. No spam.
