Exam CS0-002 topic 1 question 169 discussion

VDI from the BYOD device onto the company hardware isn't going to help the performance problems. NAC (802.1X) will allow the company to ensure only compliant equipment connects although in the real world it would just be simpler to buy new workstations!!!

What is the point of BYOD if you are going to use a VDI anyway? The answer is D. NAC will do the job.

802.1x is only for authentication, both users and devices. VDI will provide a controlled environment with dedicated hardware that meets performance benchmarks for the BYOD devices to connect to. Users could use the same form-factor workstations that are causing the performance issues to run VDI, and get improved performance - if the VDI is hosted on upscaled hardware.

Option D, which mentions 802.1X to enforce company policy on BYOD user hardware, is a valid security measure, and it may be part of an overall security strategy. 802.1X is a network access control (NAC) standard that provides a mechanism for authenticating devices trying to connect to a network. However, it alone may not be sufficient to address all security concerns related to BYOD. The reason Option B may be a stronger choice is that it incorporates both a firewalled environment for client devices and a secure Virtual Desktop Infrastructure (VDI) for BYOD users. This combination offers a more comprehensive approach to security. The firewalled environment adds a layer of protection for client devices, and VDI allows for centralized control and management of the virtual desktops, reducing the potential risks associated with diverse and potentially less-secure BYOD hardware.

B. A firewalled environment for client devices and a secure VDI for BYOD users This option suggests implementing a firewalled environment for client devices, which helps protect against unauthorized access and potential security threats. Additionally, using a secure Virtual Desktop Infrastructure (VDI) for BYOD users can provide a controlled and secure environment for accessing company resources, minimizing the risk of compromising sensitive data.

VDI acts like a jumphost where only applications and services required are enabled. 802.1X is nothing more than authentication. How do you control an endpoint with ramsonware, worms, RATs, outdated software,... You cannot check if a device is compliant only with 802.1X

Here’s why this is the best option: A VDI environment allows the company to control the operating system and applications that the employees use for their work, regardless of the employee’s personal device. This setup keeps company data within the company’s controlled environment and does not store sensitive data on the employee’s personal device. A firewalled environment helps to protect the network by managing traffic to and from the VDI and the client devices, thus reducing the risk of malware or data exfiltration. 802.1X provides network port-based access control which is useful for authenticating devices that connect to the network. However, it does not address the security of the data on the devices themselves and how the devices are used outside of the network's environment.

A firewalled environment for client devices and a secure VDI (Virtual Desktop Infrastructure) for BYOD users would be the most likely recommendation for securing the proposed solution. A firewalled environment can help isolate and protect the client devices from unauthorized network access or attacks. A secure VDI can provide a virtualized desktop environment for BYOD users that can be centrally managed and controlled by the organization. A VDI can also prevent data leakage or malware infection from BYOD devices, as the data and applications are stored on the server side rather than on the device itself

B only seems logical to me. Using VDI makes the BYOD a dump device that does not need to have much power. Seprating the BYOD devices is always a good idea. On th eother hand the old Workstation could function as ThinClient to the VDI infrastructure. Tough choice here.

The answer is in the question put by Sepu !!!

D. There is no point to for BYOD if you’re to force users into VDIs anyway, just use the outdated workstations. The firewall would also not protect the BYOD machine from infecting each other. 802.1x supplicants can absolutely be used to force devices to be updated before allowing them on the network.

802.1X protect network, question focus on hardware security so i going with B.

legally you can't enforce policies on devices that aren't yours...

802.1X is an authentication framework, and to my knowledge does nothing to prevent infected devices from connecting to the network nor does enforcing company policy on user hardware is in any way better than having BYOD users connect to the company resources through secure VDIs from their personal device. in addition 802.1X does nothing for remote users.

Correct Answer is B 802.1x has nothing to do with the question.

it is D

After reviewing 802.1x, it can keep infected machines from connecting to the network.