CompTIA CySA+ (CS0-001) — Question 17
An organization has recently recovered from an incident where a managed switch had been accessed and reconfigured without authorization by an insider. The incident response team is working on developing a lessons learned report with recommendations. Which of the following recommendations will BEST prevent the same attack from occurring in the future?
Answer options
- A. Remove and replace the managed switch with an unmanaged one.
- B. Implement a separate logical network segment for management interfaces.
- C. Install and configure NAC services to allow only authorized devices to connect to the network.
- D. Analyze normal behavior on the network and configure the IDS to alert on deviations from normal.
Correct answer: B
Explanation
Placing management interfaces on a separate logical network segment isolates sensitive management functions from the rest of the network, making unauthorized access more difficult. Replacing the managed switch with an unmanaged one (Option A) may seem like a solution, but it removes essential management capabilities. Option C is beneficial but does not specifically address the segmentation of management interfaces, and Option D focuses on monitoring rather than prevention.