An organization merges with a smaller company. A security engineer sees several new endpoints that are not in the existing inventory. There is uncertainty about their purpose and no data flow documentation. What step best helps reduce the chance of missing issues?
Cancel any connections that are not documented until approved by management
Compile each unidentified system into the existing repository and evaluate their use
Encrypt all traffic to those unexplored endpoints prior to investigating them
Develop a policy preventing information exchange with newly acquired entities
Maintaining a complete asset inventory is critical for identifying security gaps—especially following organizational changes like mergers. By logging all previously unidentified systems into the existing repository, teams can evaluate each asset for risk, function, and alignment with security policies. While restricting traffic or enforcing policies might seem proactive, these actions without proper identification may lead to disruptions or missed threats. Discovery and documentation must always precede enforcement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is maintaining an asset inventory so important after a merger?
Open an interactive chat with Bash
How can a security team evaluate unknown endpoints for risks?
Open an interactive chat with Bash
What is the risk of enforcing restrictions on undocumented endpoints without identification?