CompTIA CySA+ (CS0-002) — Question 119
While planning segmentation for an ICS environment, a security engineer determines IT resources will need access to devices within the ICS environment without compromising security. To provide the MOST secure access model in this scenario, the jumpbox should be:
Answer options
- A. placed in an isolated network segment, authenticated on the IT side, and forwarded into the ICS network.
- B. placed on the ICS network with a static firewall rule that allows IT network resources to authenticate.
- C. bridged between the IT and operational technology networks to allow authenticated access.
- D. placed on the IT side of the network, authenticated, and tunneled into the ICS environment.
Correct answer: A
Explanation
Option A is the most secure because it keeps the jumpbox isolated from both the IT and ICS networks while still allowing controlled access, which minimizes risk. Option B exposes the jumpbox within the ICS network, which increases vulnerability. Option C bridges the two networks, which can open security gaps. Option D uses tunneling but still places the jumpbox on the IT side, which can be less secure than keeping it isolated.