During a security assessment, you discover that several smart lighting controllers expose an unauthenticated HTTP service on port 80, and the vendor has no firmware fix available. The devices must stay operational to keep building lights functional. Which measure will most effectively reduce the risk of remote exploitation while preserving necessary management access to the controllers?
Move the controllers into a dedicated VLAN and use firewall rules to allow HTTP access only from the authorized building-management workstation
Enable MAC address filtering on the facility's wireless access points to restrict which laptops can connect
Install signature-based antivirus software directly on each lighting controller
Block all inbound traffic to TCP port 80 on the organization's perimeter firewall
Moving the vulnerable controllers to their own VLAN and limiting inbound traffic to only the known management hosts applies network segmentation and access-control principles that directly reduce an attacker's ability to reach the devices. This compensating control contains exposure without interrupting legitimate use. Simply blocking port 80 at the perimeter does not protect the devices from internal threat actors or compromised hosts on the same LAN. Installing traditional antivirus is usually impossible on embedded IoT hardware and, even if feasible, would not address the root cause-unrestricted network access. MAC address filtering on Wi-Fi is easily spoofed and would not mitigate attacks that originate from other wired segments or through compromised devices already on the list.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a VLAN, and how does it improve network security?
Open an interactive chat with Bash
Why is using firewall rules important for securing vulnerable devices?
Open an interactive chat with Bash
Why are MAC address filtering and antivirus not effective in this scenario?
Open an interactive chat with Bash
What is a VLAN and how does it enhance security?
Open an interactive chat with Bash
Why is restricting access via firewall rules more effective than just blocking port 80 at the perimeter?
Open an interactive chat with Bash
Why is MAC address filtering not sufficient for network security?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Mobile Platform, IoT, and OT Hacking
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .