CompTIA CASP+ (CAS-003) — Question 301
An information security manager is concerned that connectivity used to configure and troubleshoot critical network devices could be attacked. The manager has tasked a network security engineer with meeting the following requirements:
- Encrypt all traffic between the network engineer and critical devices.
- Segregate the different networking planes as much as possible.
- Do not let access ports impact configuration tasks.
Which of the following would be the BEST recommendation for the network security engineer to present?
Answer options
- A. Deploy control plane protections.
- B. Use SSH over out-of-band management.
- C. Force only TACACS to be allowed.
- D. Require the use of certificates for AAA.
Correct answer: B
Explanation
The correct answer is B. SSH encrypts all traffic between the network engineer and the critical devices, and an out-of-band management network carries that traffic on a dedicated path that is separate from the access ports, so the management plane is segregated and activity on the access ports does not affect configuration and troubleshooting. Option A, while important for security, does not address the encryption requirement directly. Option C restricts access methods without ensuring traffic encryption, and option D focuses on authentication but does not guarantee the secure transport of the configuration traffic.