SY0-501 · Question #377
SY0-501 Question #377: Real Exam Question with Answer & Explanation
The correct answer is C: Air gap the desktops.. To ensure desktops are as isolated as possible while still allowing local login, the best method is to physically disconnect them from all networks.
Question
A vice president at a manufacturing organization is concerned about desktops being connected to the network. Employees need to log onto the desktops' local account to verify that a product is being created within specifications; otherwise, the desktops should be as isolated as possible. Which of the following is the BEST way to accomplish this?
Options
- APut the desktops in the DMZ.
- BCreate a separate VLAN for the desktops.
- CAir gap the desktops.
- DJoin the desktops to an ad-hoc network.
Explanation
To ensure desktops are as isolated as possible while still allowing local login, the best method is to physically disconnect them from all networks.
Common mistakes.
- A. Placing desktops in a DMZ still connects them to a network segment, typically for controlled external access, which contradicts the goal of maximum isolation.
- B. Creating a separate VLAN segments the network but does not remove the desktops from the network entirely, failing to provide the "as isolated as possible" level of isolation.
- D. Joining desktops to an ad-hoc network creates direct network connections between devices, directly opposing the requirement for maximum isolation.
Concept tested. Network isolation via air gapping
Reference. https://learn.microsoft.com/en-us/compliance/regulatory/offshore-security-guidance-air-gap-systems
Community Discussion
No community discussion yet for this question.