A user asks a security practitioner for recommendations on securing a home network. The user recently purchased a connected home assistant and multiple IoT devices in an effort to automate the home. Some of the IoT devices are wearables, and other are installed in the user’s automobiles. The current home network is configured as a single flat network behind an ISP-supplied router. The router has a single IP address, and the router performs NAT on incoming traffic to route it to individual devices.
Which of the following security controls would address the user’s privacy concerns and provide the BEST level of security for the home network?
A. Ensure all IoT devices are configured in a geofencing mode so the devices do not work when removed from the home network. Disable the home assistant unless actively using it, and segment the network so each IoT device has itsown segment.
B. Install a firewall capable of cryptographically separating network traffic require strong authentication to access all IoT devices, and restrict network access for the home assistant based on time-of-day restrictions.
C. Segment the home network to separate network traffic from users and the IoT devices, ensure security settings on the home assistant support no or limited recording capability, and install firewall rules on the router to restrict traffic to thehome assistant as much as possible.
D. Change all default passwords on the IoT devices, disable Internet access for the IoT devices and the home assistant, obtain routable IP addresses for all devices, and implement IPv6 and IPSec protections on all network traffic.
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
Option D seems like mostly bad suggestions but why isn’t changing the default password part of the correct response?
Also B mentioned time of day restrictions. What use is this?
I would go with C on this….limit the ability of those IOT devices?
should be c ?
C was my first choice too Jack. Now I think I agree with B though.
We have to provide “provide the BEST level of security ”
For B:
IoT relies heavily on wireless – so cryptography is going to be a “BEST” – We’re doing that through WPA2
Strong authentication is “BEST” –
Time of day restrictions are a good thing as well – i don’t know about “BEST”, but we’re shutting it up when it doesn’t need to be getting an upgrade or doing something we want it to.
For C:
separate network traffic from users and the IoT devices – that’s a “BEST” practice in Industry
Recording – ?? didn’t know it recorded, but certainly wouldn’t want a lot of that going on
Install firewall router to restrict traffic to the home assistant. – probably a “BEST” practice as well.
Considering all vulnerabilities, with IoT’s, – there’s a lot of traffic to be eavesdropped, strong authentication is a heavy hitter here as well as encryption – that leaves the home unit – which we’re strong authenticating, encrypting and setting time of days on. Unless someone can uncover something I’ve overlooked, I think B is the best answer.
The question says:
“Which of the following security controls would address the user’s privacy concerns…”
B does not address privacy. I go with C.