Enhance your CompTIA CASP+ exam readiness with our comprehensive quizzes. Sharpen your skills with detailed flashcards and multiple choice questions, each with hints and in-depth explanations. Prepare effectively for this challenging exam!


What could significantly mitigate the risk of malware from a vendor's non-company device affecting a corporate network?

  1. Implement stronger endpoint protection.

  2. Deploy an Access Control List (ACL) restricting access.

  3. Conduct regular security audits.

  4. Increase vendor training on security protocols.

The correct answer is: Deploy an Access Control List (ACL) restricting access.

Implementing an Access Control List (ACL) to restrict access is an effective measure for mitigating the risk of malware from a vendor's non-company device affecting a corporate network. An ACL is a set of rules that governs what traffic can or cannot enter a network based on specified conditions. By defining which devices, users, or services are permitted to access certain parts of the network, an organization can significantly limit any potential malware spread.

When a vendor's device connects to the corporate network, the ACL can enforce restrictions that prevent that device from accessing sensitive areas or resources. This creates a controlled environment where potential threats can be managed more effectively. Only the necessary and authorized data flows are allowed, reducing the attack surface and the risk of malware propagation.

In contrast, while stronger endpoint protection, conducting regular security audits, and increasing vendor training on security protocols are all valid security practices, they don't specifically isolate and limit the access that a vendor's device has on your network in the way that an ACL does. Endpoint protection deals with actively detecting and remediating malware but does not prevent access outright. Security audits help identify vulnerabilities, but they don't provide real-time mitigation. Vendor training can enhance security awareness but may not directly limit the damage from unfriendly devices.