Exam N10-009 topic 1 question 18 discussion

Least privilege network access: This principle ensures that users only have the minimum level of access needed to perform their job, minimizing the potential damage if their account is compromised. Central policy management: This allows for consistent application of security policies across the entire network, making it easier to manage and enforce rules related to access control, authentication, and other security measures. Why the other options are not as ideal: Dynamic inventories: While useful for managing network devices and assets, it is not a direct security measure to prevent breaches. Zero-touch provisioning: This simplifies device setup but does not address underlying security vulnerabilities. Configuration drift prevention: This helps maintain consistent configurations on devices, but it is not a primary security measure. Subnet range limits: This can help with network segmentation and control, but it is not a comprehensive security solution on its own.

A. Least privilege network access – This principle ensures that users and systems only have the minimum level of access required to perform their tasks, reducing the potential impact of a breach. C. Central policy management – Centralized policy management helps enforce consistent security policies across the entire network, ensuring all systems are compliant and reducing vulnerabilities.

Definitely A and C

Least privilege. Central Policy Management which will make it easier to enforce security policies through the entire network

A: Least privilege network access as that's an efficient way to reduce unnecessary permissions being used on the network, and reduces the likelihood of an inside threat or social engineer gaining elevated credentials. E: Configuration drift prevention as that can mean configurations not matching or updated to the baseline or golden configuration, which should be the most secure within the organization.

A: Least Privilege C: Central Policy Management These two answers best align with what the question is asking: "overall security". All other options are more specific than these two.

A: Least privilege network access as that's an efficient way to reduce unnecessary permissions being used on the network, and reduces the likelihood of an inside threat or social engineer gaining elevated credentials. E: Configuration drift prevention as that can mean configurations not matching or updated to the baseline or golden configuration, which should be the most secure within the organization.

A. Least privilege network access C. Central policy management