Within the Domain Security Overview,Goalsare used to tailor how identity risks are grouped, evaluated, and reported. TheReduce Attack Surfacegoal is the only option thatincorporates all identity risks into a single, comprehensive security assessment.

The CCIS curriculum explains that Reduce Attack Surface provides a holistic view of identity exposure by aggregating risks related to authentication paths, account hygiene, privileges, misconfigurations, and legacy identity weaknesses. This goal is designed for organizations seeking an overall understanding of their identity security posture rather than focusing on a specific domain such as privileged users or directory hygiene.

Other goals are more specialized:

AD Hygienefocuses on directory configuration issues.

Privileged User Managementconcentrates on high-privilege identities.

Pen Testingaligns more with adversarial simulation than continuous risk assessment.

Reduce Attack Surface aligns directly withZero Trust principles, helping organizations identify and eliminate unnecessary identity access paths. Therefore,Option Cis the correct and verified answer.