During a recent audit, several undocumented and unpatched devices were discovered on the internal network. Which of the following can be done to prevent similar occurrences?
A. Run weekly vulnerability scans and remediate any missing patches on all company devices
B. Implement rogue system detection and configure automated alerts for new devices
C. Install DLP controls and prevent the use of USB drives on devices
D. Configure the WAPs to use NAC and refuse connections that do not pass the health check
How To Pass SY0-601 Exam?CompTIA SY0-601 PDF dumps.High quality SY0-601 pdf and software. VALID exam to help you pass. |
 |
Correct answer is A
D – The question asks “Which of the following can be done to PREVENT similar occurrences”?
It isn’t looking for DETECTION – it’s looking for PREVENTION. A scan will DETECT but not PREVENT. However a NAC (Network Access Control) with Health Checks will PREVENT similar attacks. The NAC system isolates computers that don’t meet the Health Check conditions. Common health check conditions are: Up-to-date antivirus software, including updated signature definitions. Up-to-date operating system, including current patches and fixes.
Answer D would only help if all devices detected were wireless. The question doesn’t specify how the devices are connected. So the answer would be A
Correct answer is B