What is meant by attack surface, and how can you reduce it?

• A. A measure of network speed; reduce by upgrading hardware.
• B. The number of users; reduce by deleting accounts only.
• C. The geographical area of data centers; reduce by consolidating data centers.
• D. The set of points where an attacker could compromise a system; reduce by minimizing exposed services, patching, and applying strict access controls.

Answer: (D)

The attack surface is the set of points where an attacker could potentially compromise a system—the interfaces, services, APIs, user inputs, and network endpoints that are exposed to outsiders. To reduce it, you minimize what is exposed and harden those points. Remove or disable unnecessary services and features, close unused ports, and enforce strict access controls with least-privilege principles and strong authentication. Keep systems up to date with patches and secure configurations, and segment networks to limit how an attacker can move if they get in. Apply secure coding practices and input validation for software, and maintain continuous monitoring to spot unusual activity. Regular vulnerability scanning and prompt remediation, along with disciplined change control, help keep the surface minimized over time. It isn’t about network speed, the number of users, or the geographic location of data centers.