A small retail company recently deployed a new point of sale (POS) system to all 67 stores. The core of the
POS is an extranet site, accessible only from retail stores and the corporate office over a split-tunnel VPN. An
additional split-tunnel VPN provides bi-directional connectivity back to the main office, which provides voice
connectivity for store VoIP phones. Each store offers guest wireless functionality, as well as employee wireless.
Only the staff wireless network has access to the POS VPN. Recently, stores are reporting poor response times
when accessing the POS application from store computers as well as degraded voice quality when making
phone calls. Upon investigation, it is determined that three store PCs are hosting malware, which is generating
excessive network traffic. After malware removal, the information security department is asked to review the
configuration and suggest changes to prevent this from happening again. Which of the following denotes theBEST way to mitigate future malware risk?
A.
Deploy new perimeter firewalls at all stores with UTM functionality.
B.
Change antivirus vendors at the store and the corporate office.
C.
Move to a VDI solution that runs offsite from the same data center that hosts the new POS solution.
D.
Deploy a proxy server with content filtering at the corporate office and route all traffic through it.