CompTIA CASP+ (CAS-003) — Question 265

An organization is deploying IoT locks, sensors, and cameras, which operate over 802.11, to replace legacy building access control systems. These devices are capable of triggering physical access changes, including locking and unlocking doors and gates. Unfortunately, the devices have known vulnerabilities for which the vendor has yet to provide firmware updates.
Which of the following would BEST mitigate this risk?

Answer options

• A. Direct wire the IoT devices into physical switches and place them on an exclusive VLAN.
• B. Require sensors to sign all transmitted unlock control messages digitally.
• C. Associate the devices with an isolated wireless network configured for WPA2 and EAP-TLS.
• D. Implement an out-of-band monitoring solution to detect message injections and attempts.

Correct answer: C

Explanation

Connecting the devices to an isolated wireless network with WPA2 and EAP-TLS ensures that communications are encrypted and authenticated, providing a strong defense against unauthorized access. While options A, B, and D provide some level of security, they do not address the fundamental need for secure network isolation and proper encryption as effectively as option C does.