A web developer is completing a new web application security checklist before releasing the application to production. the task of disabling unecessary services is on the checklist. Which web application threat is being mitigated by this action?
Correct Answer: A
The web application threat that is being mitigated by the action of disabling unnecessary services is security misconfiguration. Security misconfiguration is a type of web application vulnerability that occurs when the web application or its components, such as the web server, the database, the framework, or the platform, are not configured properly or securely, and that exposes the web application or its data to potential attacks, such as unauthorized access, data leakage, or denial of service. Security misconfiguration can be caused by various factors, such as the use of default or weak settings, the lack of security updates or patches, the exposure of unnecessary or sensitive information, or the enablement of unnecessary or insecure features, functions, or services. Disabling unnecessary services is an action that can mitigate security misconfiguration, as it can reduce the attack surface and exposure of the web application, and improve the performance and security of the web application . References: [CISSP CBK, Fifth Edition, Chapter 3, page 229]; [CISSP Practice Exam - FREE 20 Questions and Answers, Question 15].