200-301 Question #642: Real Exam Question with Answer & Explanation

Question

Which two practices are recommended for an acceptable security posture in a network? (Choose two)

Options

• ABackup device configurations to encrypted USB drives for secure retrieval
• BMaintain network equipment in a secure location
• CUse a cryptographic keychain to authenticate to network devices
• DPlace internal email and file servers in a designated DMZ
• EDisable unused or unnecessary ports, interfaces and services

Explanation

Maintaining network equipment in a physically secure location and disabling unused ports, interfaces, and services are two fundamental practices for improving network security posture.

Common mistakes.

• A. While backing up configurations is good, relying solely on encrypted USB drives for secure retrieval isn't a universally recommended enterprise practice, as centralized, robust backup systems are generally preferred.
• C. Using a cryptographic keychain is a specific method for secure authentication between devices, not a broad security posture practice equivalent to physical security or attack surface reduction.
• D. Placing internal email and file servers in a DMZ is generally a poor security practice; DMZs are for services exposed to untrusted networks, while internal servers should be in the internal network behind appropriate firewalls.

Concept tested. Network security best practices

Reference. https://www.cisco.com/c/en/us/solutions/small-business/resource-center/secure-your-network/network-security-best-practices.html

No community discussion yet for this question.