A company has several internal-only, web-based applications on the internal network. Remote employees are allowed to connect to the

internal corporate network with a company-supplied VPN client. During a project to upgrade the internal application, contractors were hired to work on a database server and were given copies of the VPN client

so they could work remotely. A week later, a se

curity analyst discovered an internal web-server had been compromised by malware that originated from one of the contractor-s laptops. Which of the following changes should be made to BEST counter the threat presented in this scenario?

A. Create a restric

ted network segment for contractors, and set up a jump box for the contractors to use to access internal resources.

B. Deploy a web application firewall in the DMZ to stop Internet-based attacks on the web server.

C. Deploy an application layer firewall wi

th network access control lists at the perimeter, and then create alerts for suspicious Layer 7 traffic.

D. Require the contractors to bring their laptops on site when accessing the internal network instead of using the VPN from a remote location.

E.

Implement NAC to check for updated anti-malware signatures and location-based rules for PCs connecting to the internal network.