CompTIA CySA+ (CS0-002) — Question 355
The IT department is concerned about the possibility of a guest device infecting machines on the corporate network or taking down the company's single Internet connection. Which of the following should a security analyst recommend to BEST meet the requirements outlined by the IT department?
Answer options
- A. Require the guest machines to install the corporate-owned EDR solution
- B. Configure NAC to only allow machines on the network that are patched and have active antivirus
- C. Place a firewall in between the corporate network and the guest network
- D. Configure the IPS with rules that will detect common malware signatures traveling from the guest network
Correct answer: C
Explanation
The correct answer is C because placing a firewall between the corporate network and the guest network effectively isolates the two, preventing threats on guest devices from reaching the corporate network. Option A is inadequate because it relies on guest devices complying with corporate security protocols. Option B, while helpful, does not fully contain the risks associated with guest devices. Option D focuses on detection rather than prevention, which is less effective at stopping threats before they enter the corporate network.