Notifications
Clear all
Topic starter
26/10/2022 1:14 am
The security team at a large corporation is helping the payment-processing team to prepare for a regulatory compliance audit and meet the following objectives:
✑ Reduce the number of potential findings by the auditors.
✑ Limit the scope of the audit to only devices used by the payment-processing team for activities directly impacted by the regulations.
✑ Prevent the external-facing web infrastructure used by other teams from coming into scope.
✑ Limit the amount of exposure the company will face if the systems used by the payment-processing team are compromised.
Which of the following would be the MOST effective way for the security team to meet these objectives?
- A . Limit the permissions to prevent other employees from accessing data owned by the business unit.
- B . Segment the servers and systems used by the business unit from the rest of the network.
- C . Deploy patches to all servers and workstations across the entire organization.
- D . Implement full-disk encryption on the laptops used by employees of the payment-processing team.
Suggested Answer: B