Learn how two types of security controls, technical and compensating, describe restricting access to a critical server on an isolated VLAN, and how network segmentation provides an additional layer of protection for vulnerable end-of-life systems.
Question
A network team segmented a critical, end-of-life server to a VLAN that can only be reached by specific devices but cannot be reached by the perimeter network. Which of the following best describe the controls the team implemented? (Choose two.)
A. Managerial
B. Physical
C. Corrective
D. Detective
E. Compensating
F. Technical
G. Deterrent
Answer
E. Compensating
F. Technical
Explanation
The two types of controls that best describe the network team’s actions to segment the critical end-of-life server are:
F. Technical
Technical controls are safeguards incorporated into computer hardware, software, or firmware. Placing the server on a restricted VLAN that can only be accessed by specific devices is an example of a technical control. It uses network segmentation to isolate the server and limit its attack surface.
E. Compensating
Compensating controls provide an alternative measure of control to mitigate risk when the primary control is not feasible. In this case, the end-of-life server likely cannot be patched or upgraded to address vulnerabilities. Segmenting it on an isolated VLAN acts as a compensating control by restricting access to it, thereby reducing the risk posed by any vulnerabilities that can no longer be fixed on the system itself.
The other options are not the most applicable:
A. Managerial – Policies and procedures put in place by management. The VLAN segmentation is an active technical implementation, not a policy.
B. Physical – Tangible controls such as locks, fences, and guards. A VLAN is logical segmentation, not a physical control.
C. Corrective – Actions to fix an issue after it occurs. The segmentation is a preventative measure put in place ahead of time.
D. Detective – Mechanisms to identify incidents in progress or after the fact. The segmentation aims to prevent lateral movement in the first place.
G. Deterrent – Controls intended to discourage actions by making them more difficult. A VLAN prevents access rather than just discouraging it.
In summary, placing the critical end-of-life server on a highly restricted VLAN is an example of a technical control that acts as a compensating control for the inability to remediate vulnerabilities directly on the obsolete system. It relies on network segmentation to limit access to the server and contain risk.
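One way to check that the segmentation described above still holds after rule changes, as an added example that is not part of the original page: a first-match ACL evaluator that probes every rule boundary for sources that can reach the server. The addresses, the rule format and the names `GOOD_ACL`, `DRIFTED_ACL`, `decide`, `probes` and `audit` are assumptions made for illustration.

```python
import ipaddress as ip

# Constructed addressing for illustration; none of these values come from the page.
SERVER = ip.ip_address("10.50.0.10")        # end-of-life server on the isolated VLAN
PERIMETER = ip.ip_network("192.0.2.0/24")   # perimeter network that must never reach it
ALLOWED = {ip.ip_address("10.10.1.21"), ip.ip_address("10.10.1.22")}  # the specific devices

# Ordered, first-match rules in front of the server VLAN: (action, source, destination).
GOOD_ACL = [
    ("permit", "10.10.1.21/32", "10.50.0.10/32"),
    ("permit", "10.10.1.22/32", "10.50.0.10/32"),
    ("deny",   "0.0.0.0/0",     "10.50.0.0/24"),
]
# Same intent, but an extra permit was later inserted above the final deny.
DRIFTED_ACL = GOOD_ACL[:2] + [("permit", "192.0.2.0/25", "10.50.0.0/24")] + GOOD_ACL[2:]

def decide(acl, src, dst):
    """First-match evaluation; traffic that matches no rule is denied."""
    for action, s, d in acl:
        if src in ip.ip_network(s) and dst in ip.ip_network(d):
            return action
    return "deny"

def probes(acl):
    """Source addresses at, and just outside, the edges of every relevant block."""
    # CIDR blocks are nested or disjoint, so the first-match verdict can only
    # change at a block edge; probing both sides of each edge hits every region.
    nets = [ip.ip_network(s) for _, s, _ in acl] + [PERIMETER]
    nets += [ip.ip_network(f"{a}/32") for a in ALLOWED]
    out = set()
    for n in nets:
        lo, hi = int(n.network_address), int(n.broadcast_address)
        out.update(ip.ip_address(v) for v in (lo - 1, lo, hi, hi + 1) if 0 <= v < 2**32)
    return sorted(out)

def audit(acl):
    """Return (source, problem) pairs where the ACL differs from the intent."""
    findings = []
    for src in probes(acl):
        verdict = decide(acl, src, SERVER)
        if src in ALLOWED and verdict != "permit":
            findings.append((str(src), "allowed device is blocked"))
        elif src not in ALLOWED and verdict == "permit":
            where = "perimeter" if src in PERIMETER else "unlisted"
            findings.append((str(src), f"{where} source can reach server"))
    return findings
```

Running `audit` against each revision of the rule set turns the compensating control into something that can be re-verified, rather than assumed, for as long as the server stays in service.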
CompTIA SY0-701 certification exam practice question and answer (Q&A) dump, including multiple-choice questions (MCQ) and objective-type questions, with detailed explanations and references, available free to help pass the CompTIA SY0-701 exam and earn the CompTIA SY0-701 certification.