CompTIA CASP+ (CAS-003) — Question 180

A core router was manipulated by a credentialed bypass to send all network traffic through a secondary router under the control of an unauthorized user connected to the network by WiFi.
Which of the following would BEST reduce the risk of this attack type occurring?

Answer options

• A. Implement a strong, complex password policy for user accounts that have access to the core router.
• B. Deploy 802.1X as the NAC system for the WiFi infrastructure.
• C. Add additional port security settings for the switching environment connected to the core router.
• D. Allow access to the core router management interface only through an out-of-band channel.

Correct answer: D

Explanation

Allowing access to the core router management interface exclusively through an out-of-band channel significantly decreases the chances of unauthorized access, as it isolates management traffic from the regular network. While strong password policies and NAC systems improve security, they do not completely mitigate the risks associated with potential credential misuse or unauthorized access over WiFi. Enhancing port security settings is also beneficial but does not address the management access issue directly.