Which security practice focuses on blocking unauthorized services and allowing only necessary ones?

The choice that focuses on blocking unauthorized services and allowing only necessary ones is the approach known as "Deny by Default." This practice establishes a security posture where all services are denied access by default, and only those that are explicitly permitted are allowed. This principle minimizes the attack surface by ensuring that only necessary and approved services have access to the network, reducing the risk of unauthorized access or exploitation of vulnerabilities associated with unnecessary services.

In contrast, the open access policy would allow more services by default, leading to potential vulnerabilities. Allow by Default would similarly permit services without stringent restrictions, which could lead to unauthorized access. Service-level agreement compliance revolves around ensuring that the agreed-upon services and performance are met, but it does not directly focus on the blocking or permitting of services based on necessity. Therefore, "Deny by Default" effectively enhances security by implementing a strict control policy over which services can access the network.