CompTIA CASP+ (CAS-004) — Question 443

A systems engineer is designing the infrastructure for an enterprise client with colocation services from a data center operator. The new infrastructure must protect against threats associated with data exfiltration by malicious insiders who may gain direct access to systems during maintenance operations. Which of the following is the best solution?

Answer options

• A. Deactivation of unused interfaces
• B. Configuration of anti-malware scanning for USB devices
• C. Usage of 802.1x to limit network access to only authorized systems
• D. Activation of out-of-band maintenance interfaces

Correct answer: C

Explanation

The best solution is C, as 802.1x provides a method to ensure that only authorized systems can access the network, thereby minimizing the risk of data exfiltration by insiders. Option A simply deactivates unused interfaces, which does not address insider threats. Option B focuses on USB device security, which is less relevant to network access control. Option D would actually increase risk by providing additional access points for maintenance that could be exploited.