CompTIA CySA+ (CS0-001) — Question 107

A company has several internal-only, web-based applications on the internal network. Remote employees are allowed to connect to the internal corporate network with a company-supplied VPN client. During a project to upgrade the internal application, contractors were hired to work on a database server and were given copies of the VPN client so they could work remotely. A week later, a security analyst discovered an internal web-server had been compromised by malware that originated from one of the contractor's laptops. Which of the following changes should be made to BEST counter the threat presented in this scenario?

Answer options

• A. Create a restricted network segment for contractors, and set up a jump box for the contractors to use to access internal resources.
• B. Deploy a web application firewall in the DMZ to stop Internet-based attacks on the web server.
• C. Deploy an application layer firewall with network access control lists at the perimeter, and then create alerts for suspicious Layer 7 traffic.
• D. Require the contractors to bring their laptops on site when accessing the internal network instead of using the VPN from a remote location.
• E. Implement NAC to check for updated proxy and location-based rules for PCs connecting to the internal network.

Correct answer: E

Explanation

Implementing NAC (Network Access Control) is the best approach because it ensures that devices connecting to the internal network comply with security policies, such as having updated software and security configurations. This would help prevent compromised devices, like those used by contractors, from introducing malware. The other options, while potentially beneficial, do not directly address the issue of ensuring device compliance before allowing access to the internal network.