CompTIA PenTest+ (PT0-003) — Question 63

Which of the following security controls should be implemented when systems that are covered by a compliance agreement are maintained separately from other elements of an organization's infrastructure?

Answer options

• A. Key management
• B. Network monitoring
• C. Data isolation
• D. Penetration test

Correct answer: C

Explanation

Data isolation is crucial in ensuring that systems under compliance do not interact with other infrastructure components, thereby reducing the risk of non-compliance. Key management, network monitoring, and penetration tests are important security practices, but they do not specifically address the need for separate handling of compliance-covered systems.