A healthcare system recently suffered from a ransomware incident. As a result, the board of directors decided to hire a security consultant to improve existing network security. The security consultant found that the healthcare network was completely flat, had no privileged access limits, and had open RDP access to servers with personal health information. As the consultant builds the remediation plan, which of the following solutions would BEST solve these challenges?
(Choose three.)
To address the challenges the healthcare system is facing, the best solutions are Privileged Access Management (PAM), Multi-Factor Authentication (MFA), and Network Segmentation. Network Segmentation would help by breaking the flat network into more secure, manageable segments, which is crucial for preventing lateral movement by attackers. PAM is essential for enforcing strict controls over privileged access, addressing the issue of no privileged access limits. Lastly, MFA would add an additional layer of security to the authentication process, reducing the risk of unauthorized access even if an RDP connection is exposed.
completely flat E, had no privileged access limits B, and had open RDP access to servers E
completely flat E, had no privileged access limits B, and had open RDP access to servers C
The correct answers are B, PAM (privilege access management); E, Network segmentation; and D, MFA (multi-factor authentication).
I agree.
MFA does not solve the open unsafe RDP access. You have to tunnel it with a Ipsec site-to-site VPN
nowhere in the question does it specify that they were open to public. Looks like they were just open on the flat network. implementing MFA to the RDP logins is the best way how to secure it internally.
E. Network Segmentation - Flat network B. PAM - No privileged access limits G. NAC - open RDP access to servers with PHI
B. PAM (Privileged Access Management): This solution would help limit privileged access to the network and ensure that only authorized users can access sensitive information. D. MFA (Multi-Factor Authentication): This solution would add an additional layer of security to prevent unauthorized access to the network. E. Network Segmentation: This solution would help isolate different parts of the network and reduce the attack surface by creating distinct security zones for different types of resources, such as servers containing personal health information.
BDE = Security Concepts ACF = Networking Concepts (Operations) This is a security exam. Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)
The question is asking for improvement on NETWORK SECURITY. PAM for privelege access management. VPNs for improving on RDP security. Network segmentation to unflatten the network. You're way off on this one.
A VPN doesn't do squat to improve RDP security. Except now you have the luxury of accessing PHI from home. I'm going with BDE.
Based on the information provided, the three solutions that would BEST solve these challenges are: E. Network segmentation: Network segmentation can help to divide the network into smaller, isolated segments, making it more difficult for attackers to move laterally within the network. By segmenting the network, the impact of a compromise can be minimized and the scope of a breach can be contained. B. PAM: Privileged access management (PAM) can help to control and monitor access to privileged accounts, such as those used by system administrators and IT staff. By implementing PAM, the healthcare system can restrict access to sensitive systems and limit the damage that an attacker can do if they gain access to privileged accounts. D. MFA: Multi-factor authentication (MFA) can help to prevent unauthorized access to systems and applications. By requiring users to provide more than one form of authentication, such as a password and a token, MFA can help to ensure that only authorized users are able to access sensitive information.
- Network segmentation restricts access to PHI-containing servers to only authorized individuals or devices within specific segments of the network. - Privileged Access Management ensures that privileged accounts, which have elevated access to critical systems and data, are tightly controlled and monitored. - Multi-Factor Authentication adds an extra layer of security to the authentication process, making it more difficult for attackers to compromise user credentials and gain unauthorized access to sensitive resources. I'm not going with VPN, because yes, it's a VPN to get into the network. it doesn't directly secure the servers. MFA at least means that they have to have more than one way to prove their access.
B,E,G makes the most sense. C, does not seem correct as remote access is not listed as a problem or requirement for them. The RDP access can be remediated most easily with Network Access Controls (NAC). Additionally, the introduction of the VPN would not solve the issue of open RDP access on the LAN.
E. Network Segmentation - Flat network B. PAM - No privileged access limits G. NAC - open RDP access to servers with PHI
Changing to BCE as PAM overlaps MFA, so we need to focus on a secure RDP session which would be done with remote VPN
A vpn does not secure a connection to RDP in a sever. All it does is secure the connect from the user through the RDP connection. MFA applies access control authentication which does implement a security measure for the issues mentioned
Changing to BCE
agree with PAM, VPN, and Network Segmentation.
B: Privilege access remediation C: Remote access VPN (RDP makes it encrypted )remediation E: Flat network remediation
Network Segmentation and PAM are 100% correct answers. Leaning towards G for the last requirement, C is the only other possibility. going with B, E, G
BCE makes most sense
I know B and G are correct as far as the third option, I went with D: multi-factor authentication but it easily can be Network segmantation
I would go for BEG because B: PAM: will solve our access issues and limit users from accessing PPI E: Network segmentation should help with Flat network. G NAC will unify our endpoint security and handle authentication for us
I agree with everyone who selected PAM to address the no privilege access limits and network segmentation to address the flat network. But I think the third answer is NAC to address the open RDP access to servers with PHI. I can understand why Remote access VPN could be a choice because the thought of having a more secure connection would solve the RDP access. However, a VPN only gets you to the network and once inside the network, you can still RDP to those servers. I think the real issue here is protecting PHI and with NAC, you can address that by limiting network access to those servers.