Final answer:
The action that is NOT recommended for system hardening is allowing patching decisions to be made by system administrators without a structured process. Structured and consistent patch management is necessary for maintaining system security.
Step-by-step explanation:
The question asks which action is NOT recommended when hardening a system. Hardening a system refers to the processes and practices that improve its security. The following actions are considered good practices in system hardening:
- Enabling malware protection to defend the system from malicious software.
- Changing default passwords to prevent unauthorized access through commonly known default credentials.
- Disabling default accounts that are not in use to minimize potential attack vectors.
The action that is NOT recommended is a. Allowing patching decisions to be made by system administrators as a blanket statement with no additional context or controls. It is important to have a structured and consistent patch management process to ensure that patches are tested and applied promptly to maintain security. Leaving these decisions entirely up to system administrators without guidelines could lead to inconsistent patching and potentially leave the system vulnerable.