CompTIA CASP+ (CAS-004) — Question 209

A new mandate by the corporate security team requires that all endpoints must meet a security baseline before accessing the corporate network. All servers and desktop computers are scanned by the dedicated internal scanner appliance installed in each subnet. However, remote worker laptops do not access the network regularly. Which of the following is the BEST option for the security team to ensure remote worker laptops are scanned before being granted access to the corporate network?

Answer options

• A. Implement network access control to perform host validation of installed patches.
• B. Create an 802.1X implementation with certificate-based device identification.
• C. Create a vulnerability scanning subnet for remote workers to connect to on the network at headquarters.
• D. Install a vulnerability scanning agent on each remote laptop to submit scan data.

Correct answer: A

Explanation

The best approach is to implement network access control to validate the patches on remote laptops before they can access the network. This ensures that laptops are checked against the security baseline effectively. The other options, while potentially useful, do not guarantee that the laptops will be scanned in compliance with the required security standards prior to network access.