Free ISACA CCOA Actual Exam Questions - Question 1 Discussion
hardening?
Makes sense to pick D because turning off unnecessary features cuts down attack points more than just tweaking user rights. D seems the broadest hardening method here.
It’s D, since reducing enabled features cuts more risk than just access limits.
D, since turning off unneeded features cuts risks beyond just user access.
Good point on reducing attack surface, but B is stronger for overall risk by strictly limiting access. B
Probably D. Disabling unnecessary features directly reduces the attack surface, which is a key part of system hardening beyond just permissions or access controls.
Option B also makes sense because restricting access strictly to what's necessary helps prevent unauthorized actions and limits potential damage. It’s a broader control than just user permissions (C) and ties closely to overall system security by ensuring only needed access is allowed. This complements hardening by reducing exposure from both users and system components. While D focuses on disabling features, B targets controlling access, which is crucial for minimizing risk.
D imo, system hardening is mostly about disabling unneeded features to cut risks.
It’s C because limiting user permissions strictly to what they need reduces the attack surface and prevents privilege escalation, which is key in system hardening. D is close but this option focuses more on user controls.
This one’s tricky but I think D makes the most sense since system hardening is about limiting unnecessary features. So I’d go with D.