CompTIA CySA+ (CS0-001) — Question 140

An investigation showed a worm was introduced from an engineer's laptop. It was determined the company does not provide engineers with company-owned laptops, which would be subject to company policy and technical controls.
Which of the following would be the MOST secure control implement?

Answer options

• A. Deploy HIDS on all engineer-provided laptops, and put a new router in the management network.
• B. Implement role-based group policies on the management network for client access.
• C. Utilize a jump box that is only allowed to connect to clients from the management network.
• D. Deploy a company-wide approved engineering workstation for management access.

Correct answer: D

Explanation

The correct answer is D because deploying a company-wide approved engineering workstation ensures that all devices used for management access are compliant with company policies and technical controls. The other options, while they may enhance security, do not address the fundamental issue of ensuring all devices are under the company's control and policies.