CompTIA CASP+ (CAS-003) — Question 73
A security assessor is working with an organization to review the policies and procedures associated with managing the organization's virtual infrastructure. During a review of the virtual environment, the assessor determines the organization is using servers to provide more than one primary function, which violates a regulatory requirement. The assessor reviews hardening guides and determines policy allows for this configuration. It would be MOST appropriate for the assessor to advise the organization to:
Answer options
- A. segment dual-purpose systems on a hardened network segment with no external access
- B. assess the risks associated with accepting non-compliance with regulatory requirements
- C. update system implementation procedures to comply with regulations
- D. review regulatory requirements and implement new policies on any newly provisioned servers
Correct answer: C
Explanation
The correct answer is C because updating system implementation procedures to comply with regulations directly addresses the identified issue: the organization's own policy permits a configuration that a regulatory requirement forbids, so the procedures themselves must be brought into compliance. Option A proposes a compensating control (network segmentation) that does not resolve the underlying non-compliance. Option B treats the violation as a risk to be assessed and possibly accepted rather than corrected. Option D, while important, would only govern newly provisioned servers and leaves the existing dual-purpose servers in violation.