Two New Technical SMB Security Settings for Increased Secure Communications | Exam CAS-003: CompTIA CASP+ | Provider: CompTIA

Mitigation Strategies for Inability to Connect to Department Shares - CompTIA CAS-003 Exam Answer

Question

Two new technical SMB security settings have been enforced and have also become policies that increase secure communications.

Network Client: Digitally sign communication Network Server: Digitally sign communication A storage administrator in a remote location with a legacy storage array, which contains time-sensitive data, reports employees can no longer connect to their department shares.

Which of the following mitigation strategies should an information security manager recommend to the data owner?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

A.

The situation described in the question involves a storage administrator in a remote location who reports that employees can no longer connect to their department shares after two new security settings were enforced. The settings require digitally signed communication from both the network client and server. This suggests that the legacy storage array in the remote location may not support these new security settings, resulting in the connectivity issue.

Given this scenario, the information security manager needs to recommend a mitigation strategy to the data owner to address the risk and ensure the security of the time-sensitive data. Let's review the available options:

A. Accept the risk, reverse the settings for the remote location, and have the remote location file a risk exception until the legacy storage device can be upgraded.

This option suggests that the information security manager should temporarily reverse the new security settings for the remote location and file a risk exception until the legacy storage device can be upgraded. While this option may provide a temporary solution, it does not address the underlying security risk and may expose the data to potential threats.

B. Accept the risk for the remote location, and reverse the settings indefinitely since the legacy storage device will not be upgraded.

This option suggests accepting the risk and reversing the new security settings indefinitely since the legacy storage device will not be upgraded. This option may provide a short-term solution, but it exposes the data to potential threats, making it an unacceptable approach.

C. Mitigate the risk for the remote location by suggesting a move to a cloud service provider. Have the remote location request an indefinite risk exception for the use of cloud storage.

This option suggests mitigating the risk by suggesting a move to a cloud service provider and requesting an indefinite risk exception for the use of cloud storage. While this option may address the connectivity issue, it may also introduce new risks associated with data privacy and security.

D. Avoid the risk, leave the settings alone, and decommission the legacy storage device.

This option suggests decommissioning the legacy storage device to avoid the risk associated with the new security settings. While this may be a viable solution, it is not always practical, especially if the legacy storage device contains valuable data that needs to be accessed.

Considering the options, the best approach would be to mitigate the risk by finding a solution that addresses the connectivity issue without compromising security. The information security manager could work with the storage administrator to find a way to upgrade the legacy storage device or implement a workaround that allows for secure communication while maintaining connectivity. This would require further investigation into the technical details of the storage array and the compatibility of the new security settings.

In summary, the information security manager should not accept the risk or avoid the risk by decommissioning the storage device. Instead, they should mitigate the risk by finding a solution that addresses the connectivity issue while maintaining the security of the time-sensitive data.