Question 7
Domain 1 — Privacy Governance and Program ManagementWhich of the following is the PRIMARY bene t of implementing policies and procedures for system hardening?
Correct answer: B
Explanation
System hardening reduces the attack surface by disabling unnecessary services, closing unused ports, and enforcing secure configurations. That lowers exposure to outside attackers, so it primarily "reduces external threats to data" by making systems harder to compromise.
Why each option is right or wrong
A. It increases system resiliency
Resiliency is about recovery and availability, not the main purpose of hardening controls.
B. It reduces external threats to data
System hardening is a preventive control aimed at reducing a system’s exposure to attack by removing unnecessary functionality, closing unused ports, and enforcing secure configurations. In this question, the primary effect is a smaller attack surface, which directly lowers the likelihood that outside attackers can exploit the system and reach stored or processed data.
C. It reduces exposure of data
Exposure reduction is broader data governance; hardening mainly secures systems against outside compromise.
D. It eliminates attack motivation for data
Security controls do not remove attacker motivation; they only make attacks harder or less successful.