CompTIA CySA+ (CS0-002) — Question 142

A security analyst has discovered that developers have installed browsers on all development servers in the company's cloud infrastructure and are using them to browse the internet. Which of the following changes should the security analyst make to BEST protect the environment?

Answer options

• A. Create a security rule that blocks internet access in the development VPC
• B. Place a jumpbox in between the developers' workstations and the development VPC
• C. Remove the administrator's profile from the developer user group in identity and access management
• D. Create an alert that is triggered when a developer installs an application on a server

Correct answer: A

Explanation

The best course of action is to create a security rule that blocks internet access in the development VPC, as this directly prevents developers from using browsers to access external sites, reducing the risk of exposure to threats. The other options either do not effectively restrict internet access or focus on monitoring rather than prevention.