Free CAS-005 Exam Dumps

Question 6

During a gap assessment, an organization notes that BYOD usage is a significant risk. The organization implemented administrative policies prohibiting BYOD usage. However, the organization has not implemented technical controls to prevent the unauthorized use of BYOD assets when accessing the organization's resources. Which of the following solutions should the organization implement to best reduce the risk of BYOD devices? (Select two).

Correct Answer:BC
To reduce the risk of unauthorized BYOD (Bring Your Own Device) usage, the organization should implement Conditional Access and Network Access Control (NAC).
Why Conditional Access and NAC?
✑ Conditional Access:
✑ Network Access Control (NAC):
Other options, while useful, do not address the specific need to control and secure BYOD devices effectively:
✑ A. Cloud IAM to enforce token-based MFA: Enhances authentication security but does not control device compliance.
✑ D. PAM to enforce local password policies: Focuses on privileged account management, not BYOD control.
✑ E. SD-WAN to enforce web content filtering: Enhances network performance and security but does not enforce BYOD device compliance.
✑ F. DLP to enforce data protection capabilities: Protects data but does not control BYOD device access and compliance.
References:
✑ CompTIA SecurityX Study Guide
✑ "Conditional Access Policies," Microsoft Documentation
✑ "Network Access Control (NAC)," Cisco Documentation

Question 7

A compliance officer is reviewing the data sovereignty laws in several countries where the organization has no presence. Which of the following is the most likely reason for reviewing these laws?

Correct Answer:C
Reviewing data sovereignty laws in countries where the organization has no presence is likely due to concerns about regulatory enforcement. Data sovereignty laws dictate how data can be stored, processed, and transferred across borders. Understanding these laws is crucial for compliance, especially if the organization handles data that may be subject to foreign regulations.
✑ A. The organization is performing due diligence of potential tax issues: This is less likely as tax issues are generally not directly related to data sovereignty laws.
✑ B. The organization has been subject to legal proceedings in countries where it has a presence: While possible, this does not explain the focus on countries where the organization has no presence.
✑ C. The organization is concerned with new regulatory enforcement in other countries: This is the most likely reason. New regulations could impact the organization's operations, especially if they involve data transfers or processing data from these countries.
✑ D. The organization has suffered brand reputation damage from incorrect media coverage: This is less relevant to the need for reviewing data sovereignty laws.
References:
✑ CompTIA Security+ Study Guide
✑ GDPR and other global data protection regulations
✑ "Data Sovereignty: The Future of Data Protection?" by Mark Burdon

Question 8

A security team is responding to malicious activity and needs to determine the scope of impact. The malicious activity appears to affect certain versions of an application used by the organization. Which of the following actions best enables the team to determine the scope of impact?

Correct Answer:C
Reviewing the asset inventory allows the security team to identify all instances of the affected application versions within the organization. By knowing which systems are running the vulnerable versions, the team can assess the full scope of the impact, determine which systems might be compromised, and prioritize them for further investigation and remediation.
Performing a port scan (Option A) might help identify open ports but does not provide specific information about the application versions. Inspecting egress network traffic (Option B) and analyzing user behavior (Option D) are important steps in the incident response process but do not directly identify which versions of the application are affected.
References:
✑ CompTIA Security+ Study Guide
✑ NIST SP 800-61 Rev. 2, "Computer Security Incident Handling Guide"
✑ CIS Controls, "Control 1: Inventory and Control of Hardware Assets" and "Control 2: Inventory and Control of Software Assets"

Question 9

Users are experiencing a variety of issues when trying to access corporate resources. Examples include:
• Connectivity issues between local computers and file servers within branch offices
• Inability to download corporate applications on mobile endpoints while working remotely
• Certificate errors when accessing internal web applications
Which of the following actions are the most relevant when troubleshooting the reported issues? (Select two).

Correct Answer:AF
The reported issues suggest problems related to network connectivity, remote access, and certificate management:
✑ A. Review VPN throughput: Connectivity issues and the inability to download applications while working remotely may be due to VPN bandwidth or performance issues. Reviewing and optimizing VPN throughput can help resolve these problems by ensuring that remote users have adequate bandwidth for accessing corporate resources.
✑ F. Validate MDM asset compliance: Mobile Device Management (MDM) systems ensure that mobile endpoints comply with corporate security policies. Validating MDM compliance can help address issues related to the inability to download applications and certificate errors, as non-compliant devices might be blocked from accessing certain resources.
✑ B. Check IPS rules: While important for security, IPS rules are less likely to directly address the connectivity and certificate issues described.
✑ C. Restore static content on the CDN: This action is related to content delivery but does not address VPN or certificate-related issues.
✑ D. Enable secure authentication using NAC: Network Access Control (NAC) enhances security but does not directly address the specific issues described.
✑ E. Implement advanced WAF rules: Web Application Firewalls protect web applications but do not address VPN throughput or mobile device compliance.
References:
✑ CompTIA Security+ Study Guide
✑ NIST SP 800-77, "Guide to IPsec VPNs"
✑ CIS Controls, "Control 11: Secure Configuration for Network Devices"

Question 10

A company that relies on an EOL system must keep it operating until a new solution is available. Which of the following is the most secure way to meet this goal?

Correct Answer:A
To ensure the most secure way of keeping a legacy system (EOL) operating until a new solution is available, isolating the system and enforcing strict firewall rules is the best approach. This method minimizes the attack surface by restricting access to only the necessary endpoints, thereby reducing the risk of unauthorized access and potential security breaches. Isolating the system ensures that it is not exposed to the broader network, while firewall rules control the traffic that can reach the system, providing a secure environment until a replacement is implemented.
References:
✑ CompTIA SecurityX Study Guide: Recommends network isolation and firewall rules as effective measures for securing legacy systems.
✑ NIST Special Publication 800-82, "Guide to Industrial Control Systems (ICS) Security": Advises on isolating critical systems and using firewalls to control access.
✑ "Network Security Assessment" by Chris McNab: Discusses techniques for isolating systems and enforcing firewall rules to protect vulnerable or legacy systems.
By isolating the system and implementing strict firewall controls, the organization can maintain the necessary operations securely while working on deploying a new solution.