(ISC)2 Certified in Cybersecurity Practice Exam

What defines a security baseline configuration?

• A. A detailed configuration for software installations
• B. A standardized configuration that meets minimum security requirements
• C. A customized configuration for individual user needs
• D. A comprehensive guide for risk assessment tools

The correct answer is: A standardized configuration that meets minimum security requirements

A security baseline configuration is fundamentally a standardized configuration that ensures that systems and devices are set up to meet minimum security requirements. This serves as a foundational reference for administrators to establish a secure posture across various infrastructures. Setting a baseline configuration is integral because it helps organizations ensure compliance with various regulatory requirements and best practices. It provides a consistent benchmark that can be applied to multiple systems, making it easier to identify deviations or vulnerabilities that could be exploited by threats. This option stands out because it encapsulates the essence of what a security baseline is intended to achieve—creating uniformity, enhancing security, and simplifying the process of risk management across an organization’s technology landscape. While the other options touch on different aspects of configuration management, they do not fully capture the purpose and significance behind establishing a baseline security configuration. Having detailed configurations for individual software installations, customized configurations for user needs, or comprehensive guides for risk assessments addresses more specific scenarios but does not constitute the general practice of defining a security baseline.