CompTIA CASP+ (CAS-004) — Question 216
A security architect for a manufacturing company must ensure that a new acquisition of IoT devices is securely integrated into the company’s infrastructure. The devices should not directly communicate with other endpoints on the network and must be subject to network traffic monitoring to identify anomalous traffic. Which of the following would be the BEST solution to meet these requirements?
Answer options
- A. Block all outbound traffic and implement an inline firewall.
- B. Allow only wireless connections and proxy the traffic through a network tap.
- C. Establish an air-gapped network and implement an IDS.
- D. Use a separate VLAN with an ACL and implement network detection and response.
Correct answer: D
Explanation
The correct answer, D, uses a separate VLAN with access control lists (ACLs) to isolate the IoT devices from the rest of the network, while network detection and response allows their traffic to be monitored. Option A would block all outbound traffic, which might hinder necessary communications. Option B introduces a potential security risk by allowing wireless connections. Option C, while secure, may not provide the necessary monitoring and integration with existing networks.