CompTIA CASP+ (CAS-003) — Question 300

A company has made it a spending priority to implement security architectures that will be resilient during an attack. Recent incidents have involved attackers leveraging latent vulnerabilities in cryptographic implementations and VPN concentrators to be able to compromise sensitive information. Patches have been slowly released for these emergent vulnerabilities, leaving weeks to months of exposed and vulnerable attack surface. Which of the following approaches would be BEST to increase enterprise resilience during similar future attacks?

Answer options

• A. Implement appliances and software from diverse manufacturers
• B. Segment remote VPN users logically from the production LAN
• C. Maximize open-source software to benefit from swifter patch releases
• D. Upgrade the cryptographic ciphers used on the VPN concentrators

Correct answer: D

Explanation

Upgrading the cryptographic ciphers on the VPN concentrators (D) is crucial because stronger ciphers can mitigate the risk of exploitation through vulnerabilities. While implementing diverse appliances (A) and segmenting users (B) are good practices, they do not directly address the vulnerabilities in cryptographic implementations. Maximizing open-source software (C) might speed up patch releases, but it does not inherently increase resilience against attacks targeting existing vulnerabilities.