CompTIA CySA+ (CS0-002) — Question 144

A security analyst is building a malware analysis lab. The analyst wants to ensure malicious applications are not capable of escaping the virtual machines and pivoting to other networks. To BEST mitigate this risk, the analyst should use:

Answer options

• A. an 802.11 ac wireless bridge to create an air gap.
• B. a managed switch to segment the lab into a separate VLAN.
• C. a firewall to isolate the lab network from all other networks.
• D. an unmanaged switch to segment the environments from one another.

Correct answer: C

Explanation

The correct answer is C because using a firewall effectively isolates the lab network from external networks, preventing malware from escaping. Options A and B do not provide sufficient isolation, as an air gap may not be feasible and a managed switch only segments traffic within the same network. Option D, using an unmanaged switch, does not provide any form of network isolation and could allow malware to spread easily.