Exam CAS-004 topic 1 question 164 discussion

completely flat E, had no privileged access limits B, and had open RDP access to servers E

The correct answers are B, PAM (privilege access management); E, Network segmentation; and D, MFA (multi-factor authentication).

i feel like encrypting traffic is more important than MFA when it comes to working remotely RDP, and of course PAM and VLANs are usually prioritized in any new implementation.

Ans BDE. The best solutions for addressing the healthcare system's security weaknesses are: PAM (to manage privileged access) MFA (to secure RDP and other remote access) Network segmentation (to limit lateral movement of attackers and contain potential damage) These solutions directly address the vulnerabilities identified in the current network security posture. While Remote Access VPN could provide secure access for remote workers, but it wouldn't directly address the other issues like lack of network segmentation, privileged access control, or the need for MFA on critical systems. It’s useful for remote access but not a comprehensive solution to the vulnerabilities described in the case.

“No privilege access limits”….Fix: MFA

According g to ChatGPT, answers are B, D and E.

- Network segmentation restricts access to PHI-containing servers to only authorized individuals or devices within specific segments of the network. - Privileged Access Management ensures that privileged accounts, which have elevated access to critical systems and data, are tightly controlled and monitored. - Multi-Factor Authentication adds an extra layer of security to the authentication process, making it more difficult for attackers to compromise user credentials and gain unauthorized access to sensitive resources. I'm not going with VPN, because yes, it's a VPN to get into the network. it doesn't directly secure the servers. MFA at least means that they have to have more than one way to prove their access.

B,E,G makes the most sense. C, does not seem correct as remote access is not listed as a problem or requirement for them. The RDP access can be remediated most easily with Network Access Controls (NAC). Additionally, the introduction of the VPN would not solve the issue of open RDP access on the LAN.

E. Network Segmentation - Flat network B. PAM - No privileged access limits G. NAC - open RDP access to servers with PHI

Changing to BCE as PAM overlaps MFA, so we need to focus on a secure RDP session which would be done with remote VPN

A vpn does not secure a connection to RDP in a sever. All it does is secure the connect from the user through the RDP connection. MFA applies access control authentication which does implement a security measure for the issues mentioned

I agree with everyone who selected PAM to address the no privilege access limits and network segmentation to address the flat network. But I think the third answer is NAC to address the open RDP access to servers with PHI. I can understand why Remote access VPN could be a choice because the thought of having a more secure connection would solve the RDP access. However, a VPN only gets you to the network and once inside the network, you can still RDP to those servers. I think the real issue here is protecting PHI and with NAC, you can address that by limiting network access to those servers.

BDE = Security Concepts ACF = Networking Concepts (Operations) This is a security exam. Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

Based on the information provided, the three solutions that would BEST solve these challenges are: E. Network segmentation: Network segmentation can help to divide the network into smaller, isolated segments, making it more difficult for attackers to move laterally within the network. By segmenting the network, the impact of a compromise can be minimized and the scope of a breach can be contained. B. PAM: Privileged access management (PAM) can help to control and monitor access to privileged accounts, such as those used by system administrators and IT staff. By implementing PAM, the healthcare system can restrict access to sensitive systems and limit the damage that an attacker can do if they gain access to privileged accounts. D. MFA: Multi-factor authentication (MFA) can help to prevent unauthorized access to systems and applications. By requiring users to provide more than one form of authentication, such as a password and a token, MFA can help to ensure that only authorized users are able to access sensitive information.

agree with PAM, VPN, and Network Segmentation.

B: Privilege access remediation C: Remote access VPN (RDP makes it encrypted )remediation E: Flat network remediation

B. PAM (Privileged Access Management): This solution would help limit privileged access to the network and ensure that only authorized users can access sensitive information. D. MFA (Multi-Factor Authentication): This solution would add an additional layer of security to prevent unauthorized access to the network. E. Network Segmentation: This solution would help isolate different parts of the network and reduce the attack surface by creating distinct security zones for different types of resources, such as servers containing personal health information.