CompTIA Security+ (SY0-501) — Question 93

During a recent audit, several undocumented and unpatched devices were discovered on the internal network. Which of the following can be done to prevent similar occurrences?

Answer options

• A. Run weekly vulnerability scans and remediate any missing patches on all company devices
• B. Implement rogue system detection and configure automated alerts for new devices
• C. Install DLP controls and prevent the use of USB drives on devices
• D. Configure the WAPs to use NAC and refuse connections that do not pass the health check

Correct answer: A

Explanation

The correct answer is A because running weekly vulnerability scans ensures that any missing patches are identified and remediated promptly, thereby reducing the risk of undocumented devices. Option B is useful for detecting rogue devices but does not address patch management directly. Option C focuses on preventing data loss rather than managing device vulnerabilities, while option D enhances network security but does not specifically prevent the existence of unpatched devices.