Preventing Unknown Devices and Malware Infections on the Corporate Network

Best Prevention Method for Unknown Devices and Malware Infections

Question

The Chief Information Officer (CIO) for a large manufacturing organization has noticed a significant number of unknown devices with possible malware infections are on the organization's corporate network.

Which of the following would work BEST to prevent the issue?

Answers

Explanations


Correct answer: A.

The scenario described in the question is a common problem for organizations: unknown devices with possible malware infections are present on the corporate network. Several steps can be taken to prevent this. Let's review the options provided and determine the best approach:

A. Reconfigure the NAC solution to prevent access based on a full device profile and ensure antivirus is installed.

NAC (Network Access Control) is a security solution that restricts network access for devices that do not meet certain predefined security requirements. Reconfiguring the NAC solution to prevent access based on a full device profile is a good approach to prevent unknown devices from accessing the network. Ensuring that antivirus is installed on all devices that are allowed to access the network is also an essential security measure to prevent malware infections.

B. Segment the network to isolate all systems that contain highly sensitive information, such as intellectual property.

Segmenting the network to isolate systems that contain highly sensitive information is also a good approach to prevent malware infections. With segmentation in place, even if an infected device gains access to the network, it will not be able to access sensitive information. However, this approach alone may not be sufficient to prevent unknown devices from accessing the network.

C. Implement certificate validation on the VPN to ensure only employees with the certificate can access the company network.

Implementing certificate validation on the VPN is a good approach to ensure that only authorized employees can access the company network. However, this approach alone may not be sufficient to prevent unknown devices from accessing the network.

D. Update the antivirus configuration to enable behavioral and real-time analysis on all systems within the network.

Updating the antivirus configuration to enable behavioral and real-time analysis on all systems within the network is a good approach to detect and prevent malware infections. However, this approach alone may not be sufficient to prevent unknown devices from accessing the network.

Based on the above analysis, option A seems to be the best approach to prevent the issue described in the scenario. Reconfiguring the NAC solution to prevent access based on a full device profile and ensuring antivirus is installed on all devices that are allowed to access the network will prevent unknown devices with possible malware infections from accessing the network.
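The admission logic behind option A, sketched as an added example (not part of the original question and not any NAC product's API): a device is denied unless its whole profile matches the asset inventory, and a known device without healthy antivirus is quarantined. The inventory entries, field names and the 7-day signature threshold are assumptions made up for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed asset inventory (hypothetical values): MAC -> expected profile.
INVENTORY = {
    "00:11:22:33:44:55": {"os": "windows", "cert_fp": "fp-laptop-01"},
    "00:11:22:33:44:66": {"os": "linux", "cert_fp": "fp-hmi-07"},
}
MAX_SIGNATURE_AGE_DAYS = 7  # assumed policy threshold


@dataclass
class DeviceProfile:
    mac: str
    os: str                  # OS as fingerprinted by the NAC
    cert_fp: Optional[str]   # device certificate fingerprint, if one was presented
    av_installed: bool
    av_running: bool
    av_signature_age_days: int


def nac_decision(dev: DeviceProfile) -> tuple[str, str]:
    """Return (action, reason); action is 'deny', 'quarantine' or 'allow'."""
    expected = INVENTORY.get(dev.mac.lower())
    if expected is None:
        return "deny", "unknown device: MAC not in inventory"
    # Full-profile check: a copied MAC address alone must not be enough.
    if dev.cert_fp != expected["cert_fp"]:
        return "deny", "device certificate does not match inventory"
    if dev.os != expected["os"]:
        return "deny", "OS fingerprint does not match inventory"
    # Known device: antivirus posture decides production vs. remediation network.
    if not dev.av_installed:
        return "quarantine", "antivirus not installed"
    if not dev.av_running:
        return "quarantine", "antivirus not running"
    if dev.av_signature_age_days > MAX_SIGNATURE_AGE_DAYS:
        return "quarantine", "antivirus signatures out of date"
    return "allow", "profile and posture compliant"


if __name__ == "__main__":
    samples = [  # constructed sample devices
        DeviceProfile("00:11:22:33:44:55", "windows", "fp-laptop-01", True, True, 1),
        DeviceProfile("00:11:22:33:44:55", "linux", None, True, True, 1),
        DeviceProfile("de:ad:be:ef:00:01", "windows", None, False, False, 0),
    ]
    for s in samples:
        print(s.mac, *nac_decision(s))
```

The second sample reuses an inventoried MAC address but fails the certificate check, which is the case a MAC-only allow list would miss.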