CompTIA CASP+ (CAS-004) — Question 46
A security compliance requirement states that specific environments that handle sensitive data must be protected by need-to-know restrictions and can only connect to authorized endpoints. The requirement also states that a DLP solution within the environment must be used to control the data from leaving the environment.
Which of the following should be implemented for privileged users so they can support the environment from their workstations while remaining compliant?
Answer options
- A. NAC to control authorized endpoints
- B. FIM on the servers storing the data
- C. A jump box in the screened subnet
- D. A general VPN solution to the primary network
Correct answer: C
Explanation
A jump box in the screened subnet allows privileged users to securely connect to the sensitive environment while ensuring compliance with need-to-know restrictions. Options A and D do not provide the necessary control for accessing sensitive data environments, and option B focuses on integrity monitoring rather than secure access.