CompTIA CASP+ (CAS-003) — Question 247

A hospital is using a functional magnetic resonance imaging (fMRI) scanner, which is controlled by a legacy desktop connected to the network. The manufacturer of the fMRI will not support patching of the legacy system. The legacy desktop needs to be network accessible on TCP port 445. A security administrator is concerned the legacy system will be vulnerable to exploits. Which of the following would be the BEST strategy to reduce the risk of an outage while still providing for security?

Answer options

• A. Install HIDS and disable unused services
• B. Enable application whitelisting and disable SMB
• C. Segment the network and configure a controlled interface
• D. Apply only critical security patches for known vulnerabilities

Correct answer: C

Explanation

The best strategy to reduce risk while maintaining network access for the legacy system is to segment the network and configure a controlled interface, as this minimizes exposure to potential threats. Installing HIDS and disabling unused services may not fully protect the system from network-based attacks. Enabling application whitelisting and disabling SMB could hinder necessary functionalities, while applying only critical patches does not address the underlying support issue of the legacy system.