CompTIA Security+ Question A-79

An overseas branch office within a company has many more technical and non-technical security incidents than other parts of the company. Which of the following management controls should be introduced to the branch office to improve their state of security?

A. Initial baseline configuration snapshots
B. Firewall, IPS and network segmentation
C. Event log analysis and incident response
D. Continuous security monitoring processes

Answer: D

Explanation:
Continuous monitoring may involve regular measurements of network traffic levels, routine evaluations for regulatory compliance, and checks of network security device configurations. It also points toward the never-ending review of what resources a user actually accesses, which is critical for preventing insider threats.

Incorrect Options:

A: An initial baseline configuration snapshot would allow for the standardized minimal level of security that all systems in an organization must comply with to be enforced. This will not cover the non-technical security incidents.

B: A Firewall, IPS and network segmentation will offer technical protection, but not non-technical security protection.

C: Event log analysis and incident response will not cover the non-technical security incidents.

Reference:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 154.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 207, 208

CompTIA Network+ Question C-48

A company has just implemented VoIP. Prior to the implementation, all of the switches were upgraded to layer 3 capable in order to more adequately route packages. This is an example of which of the following network segmentation techniques?

A. Compliance implementation
B. Separate public/private newtorking
C. Honeypot implementation
D. Performance optimization

Correct Answer: D

CompTIA Network+ Question C-26

Network segmentation provides which of the following benefits?

A. Security through isolation
B. Link aggregation
C. Packet flooding through all ports
D. High availability through redundancy

Correct Answer: A

Explanation:
Network segmentation in computer networking is the act or profession of splitting a computer network into subnetworks, each being a network segment. Advantages of such splitting are primarily for boosting performance and improving security through isolation.
Advantages of network segmentation:
Improved security: Broadcasts will be contained to local network. Internal network structure will not be visible from outside
Reduced congestion: Improved performance is achieved because on a segmented network there are fewer hosts per subnetwork, thus minimizing local traffic Containing network problems: Limiting the effect of local failures on other parts of network