CompTIA
CAS-001 · Question #167
CAS-001 Question #167: Real Exam Question with Answer & Explanation
The correct answer is E: Develop interconnection policy. When integrating acquired businesses, the security team must first assess risk and establish governance before implementing any technical controls.
Question
A corporation has expanded for the first time by integrating several newly acquired businesses. Which of the following are the FIRST tasks that the security team should undertake? (Select TWO).
Options
- A. Remove acquired companies' Internet access.
- B. Federate identity management systems.
- C. Install firewalls between the businesses.
- D. Re-image all end user computers to a standard image.
- E. Develop interconnection policy.
- F. Conduct a risk analysis of each acquired company's networks.
Explanation
When integrating acquired businesses, the security team must first assess risk and establish governance before implementing any technical controls.
Common mistakes.
- A. Removing Internet access is a disruptive operational action that should not be taken before understanding what risks actually exist through a proper risk analysis.
- B. Federating identity management systems is a technical integration step that is premature until a risk analysis and interconnection policy define how and whether systems should be linked.
- C. Installing firewalls is a technical control that should only be deployed after risk analysis and policy development determine the appropriate network segmentation requirements.
- D. Re-imaging end user computers is an extreme and disruptive action that cannot be justified without first assessing the actual risk posture of each acquired company.
Concept tested. Mergers and acquisitions security integration sequencing
Reference. https://csrc.nist.gov/publications/detail/sp/800-47/rev-1/final