CAS-003 · Question #532
CAS-003 Question #532: Real Exam Question with Answer & Explanation
The correct answer is C: Associate the devices with an isolated wireless network configured for WPA2 and EAP-.
Question
Options
- A. Direct wire the IoT devices into physical switches and place them on an exclusive VLAN.
- B. Require sensors to sign all transmitted unlock control messages digitally.
- C. Associate the devices with an isolated wireless network configured for WPA2 and EAP-
- D. Implement an out-of-band monitoring solution to detect message injections and
Explanation
Since the vendor has not released firmware patches, the vulnerabilities cannot be eliminated directly. The best compensating control is network isolation: placing the IoT devices on a dedicated, segmented SSID with WPA2 and EAP (enterprise authentication) limits the blast radius if a device is compromised and restricts who can communicate with the devices. Directly wiring 802.11 devices (A) is architecturally incompatible with their wireless-only design. Requiring digital signatures on control messages (B) does not address network-level vulnerabilities. Out-of-band monitoring (D) detects attacks after the fact but does not prevent them. Isolation with strong authentication is the strongest available mitigating control.