312-50V12 Question #173: Real Exam Question with Answer & Explanation

Question

As a cybersecurity analyst at TechSafe Inc., you are working on a project to improve the security of a smart home system. This IoT-enabled system controls various aspects of the home, from heating and lighting to security cameras and door locks. Your client wants to ensure that even if one device is compromised, the rest of the system remains secure. Which of the following strategies would be most effective for this purpose?

Options

• ARecommend using a strong password for the smart home system's main control panel.
• BSuggest implementing two-factor authentication for the smart home system's mobile app.
• CPropose frequent system resets to clear any potential malware.
• DAdvise using a dedicated network for the smart home system, separate from the home's main Wi-

Explanation

To prevent a compromised IoT device from affecting the entire smart home system, network segmentation is the most effective strategy. This isolates the IoT devices, limiting the potential impact of a breach to that specific segment.

Common mistakes.

• A. Using a strong password for the control panel improves authentication but does not prevent a compromised IoT device, such as a smart bulb, from potentially attacking other devices on the same flat network.
• B. Implementing two-factor authentication for the mobile app enhances user access security but does not provide network-level isolation between IoT devices themselves, leaving them vulnerable to lateral movement if one is compromised.
• C. Proposing frequent system resets is a reactive measure for remediation and does not proactively prevent the spread of malware or limit the blast radius of a compromised device within the network.

Concept tested. Network segmentation for IoT security and blast radius containment

Reference. https://learn.microsoft.com/en-us/azure/architecture/framework/security/design-network-segmentation

No community discussion yet for this question.