SY0-701 Question #550: Real Exam Question with Answer & Explanation

Question

A network administrator wants to ensure that network traffic is highly secure while in transit. Which of the following actions best describes the actions the network administrator should take?

Options

• AEnsure that NAC is enforced on all network segments, and confirm that firewalls have updated
• BEnsure only TLS and other encrypted protocols are selected for use on the network, and only
• CConfigure the perimeter IPS to block inbound HTTPS directory traversal traffic, and verify that
• DEnsure the EDR software monitors for unauthorized applications that could be used by threat

Explanation

Option B directly addresses the core requirement: data security while in transit. TLS and other encrypted protocols (e.g., HTTPS, SSH, SFTP) wrap data in cryptographic protection as it travels across the network, preventing interception or tampering - which is precisely what "in transit" security means.

Why the distractors are wrong:

• A (NAC + firewalls): NAC controls who can access the network, and firewalls filter which traffic is allowed - neither encrypts the actual data flowing between endpoints.
• C (IPS blocking HTTPS traversal): A perimeter IPS detects and blocks attack patterns; it is a traffic-filtering tool, not a mechanism that secures data in transit.
• D (EDR monitoring): EDR protects endpoints (devices) from malicious applications - it operates at the host level, not the network transport level.

Memory tip: Anchor the phrase "in transit = encryption." Any time an exam question specifies securing data as it moves, your answer should involve a cryptographic/encryption protocol (TLS, IPSec, SSH). The other options - NAC, IPS, EDR - are access control, traffic filtering, and endpoint tools respectively, and none of them encrypt the data stream itself.

No community discussion yet for this question.