A corporation with a large number of Internet of Things (IoT) devices deployed across multiple office locations is reviewing its security architecture to address concerns regarding the unauthorized disclosure of sensitive data collected by these devices. Which of the following security approaches would BEST mitigate this risk?
Enable full disk encryption on all IoT devices to protect data at rest.
Enable a host-based firewall on each IoT device to prevent unauthorized access.
Require multi-factor authentication for all users accessing the IoT devices.
Implement network segmentation to restrict IoT traffic to a dedicated portion of the network.
Implementing network segmentation would be the most effective at mitigating the risk as it restricts the traffic between the IoT devices and the rest of the network, reducing the potential attack surface and the chance of an attacker reaching sensitive data if the IoT devices are compromised. While full disk encryption is important for data at rest, it doesn't address the transmission or collection of data. Enabling a host-based firewall on IoT devices may not be feasible due to their limited computing resources and wouldn't protect against attacks exploiting the IoT network itself. Requiring multi-factor authentication (MFA) improves the security of user accounts, but it does not specifically address the issue of securing sensitive data collected by IoT devices from network-based threats.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is network segmentation and how does it improve security?
Open an interactive chat with Bash
Why is full disk encryption not sufficient for securing IoT devices?
Open an interactive chat with Bash
What are the limitations of using host-based firewalls on IoT devices?