CompTIA

CAS-003 Question #359: Real Exam Question with Answer & Explanation

The correct answer is C: Segment the home network to separate network traffic from users and the IoT devices, ensure. Network segmentation isolates IoT devices from personal user traffic, preventing lateral movement and containing the impact of a compromised device.

Question

A user asks a security practitioner for recommendations on securing a home network. The user recently purchased a connected home assistant and multiple IoT devices in an effort to automate the home. Some of the IoT devices are wearables, and others are installed in the user's automobiles. The current home network is configured as a single flat network behind an ISP-supplied router. The router has a single IP address, and the router performs NAT on incoming traffic to route it to individual devices. Which of the following security controls would address the user's privacy concerns and provide the BEST level of security for the home network?

Options

  • A. Ensure all IoT devices are configured in a geofencing mode so the devices do not work when
  • B. Install a firewall capable of cryptographically separating network traffic require strong
  • C. Segment the home network to separate network traffic from users and the IoT devices, ensure
  • D. Change all default passwords on the IoT devices, disable Internet access for the IoT devices and

Explanation

Network segmentation isolates IoT devices from personal user traffic, preventing lateral movement and containing the impact of a compromised device.

Common mistakes.

  • A. Geofencing restricts where a device operates but does not create a network security boundary or protect data privacy when devices are within the allowed geographic area.
  • B. Cryptographic network separation is an enterprise-grade architectural control that introduces significant complexity and cost, and does not directly resolve the flat-network topology that permits unrestricted lateral communication between devices.
  • D. Disabling Internet access removes cloud-dependent functionality that many IoT devices require for core operation, and does not eliminate the lateral movement threat that exists because all devices share the same flat network segment.

Concept tested. IoT network segmentation to reduce attack surface

Reference. https://csrc.nist.gov/publications/detail/sp/800-213/final
