Cisco
400-007 · Question #237
400-007 Question #237: Real Exam Question with Answer & Explanation
The correct answer is C: Apply a context-based network access control policy.
Designing Security
Question
A security architect receives reports of these incidents:
- An attacker exploits printers and medical devices in the organization to gain control of the network.
- An attacker disrupts operations through attacks on networked business infrastructure.

What is the next step to address these issues after discovery and classification of devices?
Options
- A. Ensure trustworthiness of devices
- B. Assess continuous security health monitoring
- C. Apply a context-based network access control policy
- D. Enforce risk-based and adaptive access policies
Explanation
After discovering and classifying IoT and OT devices on the network, applying a context-based network access control policy is the immediate next step to contain lateral movement and isolate vulnerable devices.
Common mistakes.
- A. Ensuring device trustworthiness is part of the discovery and classification phase itself, not the step that follows it.
- B. Continuous security health monitoring is an ongoing operational activity that comes after foundational access control policies are in place, not the immediate post-classification step.
- D. Risk-based and adaptive access policies are a more advanced, dynamic control layer that builds on top of baseline context-based NAC, making C the prerequisite step.
Concept tested. IoT/OT network segmentation via context-based NAC
Reference. https://www.cisco.com/c/en/us/solutions/internet-of-things/iot-security.html
Topics
#IoT security #network access control #device classification #network segmentation