One of the findings of risk assessment is that many of the servers on the data center subnet
contain data that is in scope for PCI compliance. Everyone in the company has access to these
servers, regardless of their job function. Which of the following should the administrator do?

A. Segment the network
B. Use 802.1X
C. Deploy a proxy server
D. Configure ACLs
E. Write an acceptable use policy
A subnet is a logical, visible subdivision of an IP network. The practice of dividing a network into two or more networks is called subnetting. Traffic is exchanged (routed) between subnetworks with special gateways (routers) when the routing prefixes of the source address and the destination address differ. A router constitutes the logical or physical boundary between the subnets.
A network segment is a portion of a computer network that is separated from the rest of the network by a device such as a repeater, hub, bridge, switch or router. Each segment can contain one or multiple computers or other hosts. Segmentation allows all the advantages to a business or other organization of having all of its hosts on a single network while insulating each part of the network from unauthorized entry. Each segment can be protected from the other segments by using firewalls, each employing its own set of rules, through which data moving between segments must pass.
Access Control Lists (ACLs) are a collection of permit and deny conditions, called rules, that provide security by blocking unauthorized users and allowing authorized users to access specific resources. ACLs can also provide traffic flow control, restrict contents of routing updates, and decide which types of traffic are forwarded or blocked. Normally ACLs reside in a firewall router or in a router connecting two internal networks. You can set up ACLs to control traffic at Layer 2, Layer 3, or Layer 4.
The servers on the data center subnet = no need to segment network
Everyone in the company has access to these servers = the firewall is not active
So in order to prevent this the administrator should
D. Configure ACLs
0
0
I think choice A is the correct answer because by segmenting you create a separate logical network, and then we can assign access to that portion to PCI compliance related people.
0
0
D configure ACLs
0
0
At this point, we are not sure if the entire network is one big network. So, even if you configure ACLs, they will not affect someone unless that someone is on another subnet. The first thing that you have to do is segment the network through subnets and/or VLANs. Then you configure ACLs.
0
0
The question indicates that they have already segmented the network by stating “data center subnet”, so I think all we need is ACLs.
0
0
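Added example (not part of the original question or of any comment above): a minimal model of a first-match router ACL in front of the data center subnet, illustrating two points from the discussion: ACLs are ordered permit/deny rules on a router between networks, and they only affect traffic that crosses a subnet boundary. The addresses, subnet names and the `decide` helper are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "permit" or "deny"
    src: str              # source network, CIDR
    dst: str              # destination network, CIDR
    dport: Optional[int]  # None matches any destination port

# Constructed addressing plan (assumption, not taken from the page).
FINANCE, STAFF, DATA_CENTER = "10.10.20.0/24", "10.10.30.0/24", "10.10.50.0/24"
ANY = "0.0.0.0/0"
SUBNETS = [ipaddress.ip_network(n) for n in (FINANCE, STAFF, DATA_CENTER)]

# ACL on the router interface facing the data center subnet.
ACL = [
    Rule("permit", FINANCE, DATA_CENTER, 443),  # PCI-authorized staff, HTTPS only
    Rule("deny", ANY, DATA_CENTER, None),       # everyone else is kept out
    Rule("permit", ANY, ANY, None),             # unrelated traffic is unaffected
]

def subnet_of(addr):
    """Return the known subnet containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((n for n in SUBNETS if ip in n), None)

def evaluate(acl, src, dst, dport):
    """First matching rule wins; no match falls through to an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in acl:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.dport in (None, dport)):
            return r.action
    return "deny"

def decide(src, dst, dport, acl=ACL):
    """Only routed traffic (different subnets) ever reaches the router ACL."""
    if subnet_of(src) is not None and subnet_of(src) == subnet_of(dst):
        return "not-filtered"  # same subnet: switched locally, ACL never sees it
    return evaluate(acl, src, dst, dport)

if __name__ == "__main__":
    for flow in [("10.10.20.7", "10.10.50.10", 443), ("10.10.30.7", "10.10.50.10", 443),
                 ("10.10.50.99", "10.10.50.10", 443)]:
        print(flow, "->", decide(*flow))
```

The third flow is the case raised in the discussion: a host that shares the servers' subnet is never evaluated by the router ACL, so the rules only restrict access once users and servers sit on different subnets or VLANs.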