CompTIA CySA+ (CS0-002) — Question 11
The Chief Information Officer (CIO) of a large healthcare institution is concerned about all machines having direct access to sensitive patient information. Which of the following should the security analyst implement to BEST mitigate the risk of sensitive data exposure?
Answer options
- A. A cloud access service broker system
- B. NAC to ensure minimum standards are met
- C. MFA on all workstations
- D. Network segmentation
Correct answer: D
Explanation
Network segmentation is the best choice because it addresses the CIO's concern directly: separating the network into segments restricts which machines can reach sensitive patient information, which reduces the attack surface. The other options, while helpful, do not provide the same level of protection against unauthorized access to that data.