nerdexam
CompTIA

SY0-301 · Question #819

The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the

The correct answer is C. Firewalls. Firewalls satisfy both requirements: they enforce network segmentation by controlling traffic between network segments (segregating credit card systems from the corporate network) and they maintain logs of allowed and denied connections (meeting the access logging requirement). T

Security architecture

Question

The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged. Which of the following would BEST meet the CISO's requirements?

Options

  • ASniffers
  • BNIDS
  • CFirewalls
  • DWeb proxies
  • ELayer 2 switches

How the community answered

(41 responses)
  • A
    2% (1)
  • C
    95% (39)
  • D
    2% (1)

Explanation

Firewalls satisfy both requirements: they enforce network segmentation by controlling traffic between network segments (segregating credit card systems from the corporate network) and they maintain logs of allowed and denied connections (meeting the access logging requirement). This directly aligns with PCI-DSS requirements. Sniffers (Option A) capture traffic but do not block or segment. NIDS (Option B) detects intrusions but does not enforce segmentation. Web proxies (Option D) control web traffic but do not provide full network segmentation. Layer 2 switches (Option E) can create VLANs for logical separation but lack the stateful traffic filtering and logging capabilities of a firewall.

Topics

#network segmentation#PCI DSS#firewalls#access logging

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice