CompTIA Network+ (N10-007) — Question 125

A company decides to deploy customer-facing, touch-screen kiosks. The kiosks appear to have several open source service ports that could potentially become compromised. Which of the following is the MOST effective way to protect the kiosks?

Answer options

• A. Install an IDS to monitor all traffic to and from the kiosks.
• B. Install honeypots on the network to detect and analyze potential kiosk attacks before they occur.
• C. Enable switchport security on the ports to which the kiosks are connected to prevent network-level attacks.
• D. Create a new network segment with ACLs, limiting kiosks' traffic with the internal network.

Correct answer: D

Explanation

Creating a new network segment with ACLs is the most effective method as it isolates the kiosks from the internal network, reducing the risk of compromise. While an IDS can monitor traffic, it does not prevent attacks, and honeypots serve more for detection rather than protection. Switchport security helps, but it does not provide the same level of isolation as network segmentation.