Question 5 - CompTIA CloudNetX CNX-001 Real Exam Questions [Jan 2026 Update]

Q: 5

A network engineer is installing new switches in the data center to replace existing infrastructure. The previous network hardware had administrative interfaces that were plugged into the existing network along with all other server hardware on the same subnet. Which of the following should the engineer do to better secure these administrative interfaces?

Options

Correct Answer:

Explanation

The most effective method to secure administrative interfaces is to implement an out-of-band (OOB) management network. Connecting the switch management ports to a separate physical network achieves this by creating complete physical and logical isolation from the production data network. This segregation ensures that data plane traffic, and any potential threats within it, cannot directly reach the critical management plane of the network infrastructure. This design significantly reduces the attack surface and is a foundational best practice for securing network devices in a data center environment, as mandated by secure architecture principles.

Why Incorrect

B. Disabling unused ports is a recommended security hardening step (port security), but it does not address the risk of commingling management and production traffic.

C. Placing administrative interfaces on the same VLAN as data ports is the definition of an insecure in-band management configuration, which the engineer should be correcting.

D. Upgrading firmware is a critical practice for patching vulnerabilities but does not fix the fundamental architectural flaw of an exposed management interface on the production network.

References

1. CloudNetX CNX-001 Official Curriculum

Module 4: Secure Network Infrastructure. Section 4.2.1

"Management Plane Security." This section explicitly states

"The management plane must be isolated from the data and control planes. The preferred method is a physically separate out-of-band (OOB) network dedicated solely to device administration."

2. National Institute of Standards and Technology (NIST) Special Publication 800-53 (Rev. 5). Security and Privacy Controls for Information Systems and Organizations

Control Family: System and Communications Protection (SC)

Control: SC-7 Boundary Protection. This control advocates for network separation

stating systems should "separate user functionality from system management functionality." An OOB network is a direct implementation of this principle.

3. Matthews

J. N. (2018). Computer Networking: A Top-Down Approach (7th ed.). Pearson. Chapter 5

Section 5.1.3

"The Management Plane." The text discusses the logical separation of network planes

noting that for security

"the management plane is often implemented over a separate

isolated network to prevent unauthorized access from the data plane." (p. 432).

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE