The IT department is concerned about the possibility of a guest device infecting machines on the corporate network or taking down the company's single Internet connection. Which of the following should a security analyst recommend to BEST meet the requirements outlined by the IT department?
To best address the IT department’s concern about guest devices potentially infecting machines on the corporate network or taking down the company’s single Internet connection, placing a firewall between the corporate network and the guest network is the optimal solution. A firewall creates a physical barrier that controls and monitors traffic between the two networks, thereby isolating and protecting the corporate network from potential threats originating from guest devices. This method ensures that even if a guest device is compromised, it cannot directly affect the corporate network or disrupt the sole Internet connection.
NAC can be configured to place guest devices in a restricted network segment or VLAN, isolating them from critical corporate resources. This limits the potential impact of any compromise.
Even if the machine is up-to-date with patches and has an active AV running, why would you allow a guest on your cooperate network ????? what if the guest performs a 0-day that the AV can't, or performs reconnaissance?? or brings down the second....segementation with a firewall is the best option
A firewall is a device or software that monitors and controls incoming and outgoing network traffic based on predefined rules or policies. A firewall can help prevent unauthorized or malicious traffic from entering or leaving a network, and protect network resources from external threats. Placing a firewall in between the corporate network and the guest network can help prevent a guest device from infecting machines on the corporate network or taking down the company’s single internet connection, as it can block or filter any unwanted or harmful traffic from the guest network.
ChatGPG: Implement Network Access Control (NAC) solutions to enforce policies on guest device access. NAC can check guest devices for compliance with security policies before allowing them to connect to the network.
You always segment the guest network from the corporate network. B would still allow the quests on your corporate network which is a huge risk by itself.
I am voting for C. Using NAC on guest computers does not make sense to me. Usually guests should be separated from corporate.
B) would ensure that only devices that meet the company's security standards are allowed to connect to the network, minimizing the risk of malware infections or attacks. C) is a good security measure, but it may not be enough to prevent guest devices from infecting machines on the corporate network
B. Configure NAC to only allow machines on the network that are patched and have active antivirus: While Network Access Control (NAC) is a good security practice, it might not be feasible to enforce patching and active antivirus on all guest devices.
SINGLE internet connection, meaning its likely they do not even have a guest network. If that was not stated I would likely say C to segment the networks, but it seems like that is not an option.
i think answer is B Network Access Control (NAC) ▪ A general term for the collected protocols, policies, and hardware that authenticate and authorize access to a network at the device level
Taking down the company's single interned connection is a concern being fixed....
What are the general capabilities of a NAC solution? NAC solutions help organizations control access to their networks through the following capabilities: Policy lifecycle management: Enforces policies for all operating scenarios without requiring separate products or additional modules. Profiling and visibility: Recognizes and profiles users and their devices before malicious code can cause damage. Guest networking access: Manage guests through a customizable, self-service portal that includes guest registration, guest authentication, guest sponsoring, and a guest management portal. Security posture check: Evaluates security-policy compliance by user type, device type, and operating system. Incidence response: Mitigates network threats by enforcing security policies that block, isolate, and repair noncompliant machines without administrator attention. Bidirectional integration: Integrate with other security and network solutions through the open/RESTful API.
take it or leave it. The answer is C
C: Place a firewall between the corporate network and the guest network. Placing a firewall between the corporate network and the guest network is a common and effective security measure to isolate and protect the corporate network from potential threats originating from guest devices. By implementing a firewall, you can control and monitor the traffic flowing between the two networks, allowing you to enforce security policies and restrict unauthorized access
The point of the questions is the access to the single internet point of the office. Normally will be C if we have more than one point to internet but for a single point option C is not viable
It's standard practice to put guest devices on a separate network with a firewall. To allow guest devices on a corporate network would be unwise.
A firewall can be configured to restrict network traffic between the corporate network and the guest network. This will prevent any infected guest device from infecting the corporate network and protect the company's single Internet connection from being taken down
I'm going with C. In order for you NAC configuration to verify patches and anitvirus, it would need client installed on every machine, including your guests, which isn't feasible, same reason A isn't correct. CYSA+ seems to be big on segmentation which all points to C being the correct answer.
NAC works in agent and/or agentless mode.
Looks like you never worked with BYOD products, that won't let you into the network until you login to a portal where you will install the onboarding software to allow you as a guest in the corporate network. B should be the correct answer.