CompTIA
CAS-002 · Question #207
CAS-002 Question #207: Real Exam Question with Answer & Explanation
The correct answer is B: Determine the necessary data flows between the two companies.. Before connecting two merging companies' networks, both sides must first identify and agree on exactly which data flows are required to define the minimum necessary connectivity.
Question
Company ABC will test connecting networks with Company XYZ as part of their upcoming merger and are both concerned with minimizing security exposures to each others network throughout the test. Which of the following is the FIRST thing both sides should do prior to connecting the networks?
Options
- ACreate a DMZ to isolate the two companies and provide a security inspection point for all
- BDetermine the necessary data flows between the two companies.
- CImplement a firewall that restricts everything except the IPSec VPN traffic connecting the
- DImplement inline NIPS on the connection points between the two companies.
Explanation
Before connecting two merging companies' networks, both sides must first identify and agree on exactly which data flows are required to define the minimum necessary connectivity.
Common mistakes.
- A. Creating a DMZ is a valid architectural control but requires prior knowledge of which traffic must traverse it; building the DMZ without defined data flows leads to misconfigured access rules.
- C. Implementing a firewall for IPSec VPN traffic is a technical execution step that must follow the data flow analysis phase, as the firewall rules depend on knowing what traffic is permitted.
- D. Deploying inline NIPS requires a baseline of expected traffic patterns to detect anomalies accurately; without defined data flows, the NIPS cannot be tuned and will generate excessive false positives.
Concept tested. Data flow analysis as first step in inter-organizational network integration
Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-47r1.pdf
Community Discussion
No community discussion yet for this question.