Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam CS0-002 topic 1 question 155 discussion

Actual exam question from CompTIA's CS0-002
Question #: 155
Topic #: 1
[All CS0-002 Questions]

A security analyst needs to reduce the overall attack surface. Which of the following infrastructure changes should the analyst recommend?

  • A. Implement a honeypot.
  • B. Air gap sensitive systems.
  • C. Increase the network segmentation.
  • D. Implement a cloud-based architecture.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
I_heart_shuffle_girls
Highly Voted 3 years, 2 months ago
I agree on C.
upvoted 12 times
Obi_Wan_Jacoby
3 years, 2 months ago
I concur with C
upvoted 8 times
...
...
catastrophie
Highly Voted 1 year, 1 month ago
Selected Answer: C
Answer is C increasing network segmentation. There are many ways to reduce the network surface including air gapping. However this is asking for the reduction in the overall attack surface, not just for sensitive systems. Other broad strokes of reducing the attack surface would be things like enforcing zero trust on systems, strong authentication policy enforcement, strict access control processes, etc... anything that can be applied over a wide spread area to reduce potential points of entry.
upvoted 5 times
...
RobV
Most Recent 3 months, 1 week ago
Selected Answer: C
C. Increase the network segmentation.
upvoted 1 times
...
2Fish
1 year ago
Selected Answer: C
C. The key here is "overall" attack surface.
upvoted 3 times
...
Stiobhan
1 year, 1 month ago
I need to go with Air Gap here. Reducing the attack surface is achieved by Air Gapping, well from logical attack anyway. If something is properly Air Gapped then it needs a physical interaction to breach it (usb etc... See Stuxnet) Segmentation is great and it should be high on the design agenda of a network but it doesn't make the attack surface smaller it just makes it harder to breach.
upvoted 2 times
...
jleonard_ddc
1 year, 2 months ago
Selected Answer: B
Network segmentation doesn't reduce your attack surface, it just isolates the impact of any attack. Air gap is the only solution here that actually reduces attack surface.
upvoted 3 times
...
moonash
1 year, 3 months ago
key word overall attack surface will go with C
upvoted 2 times
...
soska123
1 year, 4 months ago
I think the segmentation is the best solution to isolated the infection or threat and make it smaller so can be handled easy and controlled it, I going with C.
upvoted 1 times
...
TeyMe
1 year, 4 months ago
Selected Answer: B
The attack surface is all the points at which an adversary could interact with the system and potentially compromise it. To determine the attack surface, you must inventory the assets deployed on your network and the processes that those assets support.
upvoted 2 times
...
KingDeeko
1 year, 5 months ago
Two proven techniques for reducing the attack surface on your backup data that often go hand in hand are data isolation and air gapping.
upvoted 1 times
...
Tag
1 year, 5 months ago
Selected Answer: C
The attack surface is the number of all possible points, or attack vectors, where an unauthorized user can access a system and extract data. The smaller the attack surface, the easier it is to protect. Attack Surface Reduction in 5 Steps 1. Implement Zero-trust Policies 2. Eliminate Complexity 3. Scan for Vulnerabilities 4. Segment Network 5. Train Employees https://www.fortinet.com/resources/cyberglossary/attack-surface
upvoted 2 times
...
R00ted
1 year, 5 months ago
Selected Answer: C
"The number of systems that are exposed to attackers (commonly called the organization's attack surface) can be reduced by compartmentalizing systems and networks."
upvoted 1 times
...
amateurguy
1 year, 6 months ago
Selected Answer: C
i thought it was C
upvoted 2 times
...
Cizzla7049
1 year, 6 months ago
Increase network segmentation per google
upvoted 1 times
...
kchugh
2 years, 9 months ago
Wouldn't segmenting the network create small pieces of the network but when you combine those pieces the total are of the network be the same? Wouldn't moving to cloud-based architecture better as you are transferring some of the risk to the vendor hence reducing the attack surface?
upvoted 1 times
SniipZ
2 years, 9 months ago
No. Segmentation means for example to split up the network into DMZ and internal network. The attack surface is now reduced, because only the DMZ is exposed to the internet.
upvoted 5 times
...
MinnesotaMike
2 years, 8 months ago
You could do that but what company could afford that. Risk analysis man. Is the cost of moving your whole infrastructure feasible. What CIO would sign off on that. The risk would have to be huge and the cost of a breach would have to greatly exceed the price to move it all to the cloud.
upvoted 1 times
...
vorozco
2 years, 3 months ago
I see your logic. That a segmented network is still the same size as the whole prior to segmentation, thus not reduced. However, the source provided states segmentation "helps to reduce the attack surface by increasing the number of barriers an attacker encounters when attempting to travel through the network." Think of a big, flat network (one big surface). This usually isn't a good idea because if an attacker makes their way in, it's a free for all. BUT, if we segment that network (I guess you can think of it as multiple fragmented surfaces where each fragment is a REDUCED portion of the whole), it becomes harder for the attacker to maneuver throughout the network because there are more barriers. Thus, the overall attack surface is reduced. Hope this helps clarify.
upvoted 3 times
...
...
somsom
3 years ago
Agree on C
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...