Which of the following, in combination, form the best practice to secure the server’s OS?
A system administrator has provisioned a new web server.
Which of the following, in combination, form the best practice to secure the server’s OS? (Choose three.)
A. Install TLS certificates on the server.
B. Forward port 80 traffic to port 443.
C. Disable TLS 1.0/1.1 and SSL.
D. Disable password authentication.
E. Enable SSH key access only.
F. Provision the server in a separate VPC.
G. Disable the superuser/administrator account.
H. Restrict access on port 22 to the IP address of the administrator’s workstation.
Answer: A,D,E
Explanation:
These are the best practices to secure the OS of a new web server that has been provisioned in a cloud environment:
✑ Install TLS certificates on the server: TLS (Transport Layer Security) certificates are digital documents containing information such as the holder's identity, public key, and expiration date, which are used to prove identity and establish secure communication over a network. Installing TLS certificates on the web server encrypts and secures web traffic between the server and its clients, and helps prevent spoofing or impersonation attacks.
✑ Disable password authentication: Password authentication verifies users or devices based on passwords or other credentials. It is vulnerable to attacks such as brute force, dictionary, and phishing, especially when passwords are weak, reused, or compromised. Disabling password authentication enhances security by preventing unauthorized or malicious access to the web server using passwords.
✑ Enable SSH key access only: SSH key access verifies users or devices based on digital keys issued by a trusted authority. It can provide more security and convenience than password authentication, because users or devices do not need to remember or enter a password every time they access the web server. Enabling SSH key access only ensures that only authorized or trusted users or devices can access the web server using keys.
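
Options D and E are enforced on an OpenSSH server through `sshd_config`; the following is an added example (not part of the original question or its explanation) that audits a config for them. It assumes OpenSSH's documented defaults and first-value-wins parsing, checks only the global section (it stops at the first `Match` block and does not follow `Include`), and also flags `KbdInteractiveAuthentication`, which the explanation above does not mention; the sample configs are constructed.

```python
# Added example: audit an sshd_config global section; defaults per OpenSSH sshd_config(5).
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Return effective global values; sshd keeps the first value seen per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # conditional blocks are out of scope here
            break
        key = ALIASES.get(key, key)
        if key in DEFAULTS and len(parts) > 1:
            seen.setdefault(key, parts[1].lower())
    return {**DEFAULTS, **seen}

def audit(config_text):
    """Return a list of findings; an empty list means key-only login is enforced."""
    s = effective_settings(config_text)
    findings = []
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if s["kbdinteractiveauthentication"] != "no":
        findings.append("KbdInteractiveAuthentication is not 'no' (PAM may still ask for a password)")
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is not 'yes' (key login is disabled)")
    return findings

# Constructed sample configs (not taken from a real host).
WEAK = """\
# PasswordAuthentication no
PubkeyAuthentication yes
PasswordAuthentication yes
PasswordAuthentication no
"""
HARDENED = """\
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "OK")
```

In the weak sample the later `PasswordAuthentication no` has no effect because the earlier `yes` was read first, and the commented-out line is ignored, so password login stays enabled.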