nerdexam
EC-Council

312-50V10 · Question #196

A large mobile telephony and data network operator has a data that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with fir

The correct answer is A. Network elements must be hardened with user ids and strong passwords. Regular security tests. Defense-in-depth requires that internal systems like network elements be hardened independently, and cannot rely solely on perimeter controls like firewalls.

Information Security and Ethical Hacking Fundamentals

Question

A large mobile telephony and data network operator has a data that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup?

Options

  • ANetwork elements must be hardened with user ids and strong passwords. Regular security tests
  • BAs long as the physical access to the network elements is restricted, there is no need for
  • CThere is no need for specific security measures on the network elements as long as firewalls and
  • DThe operator knows that attacks and down time are inevitable and should have a backup site.

How the community answered

(34 responses)
  • A
    76% (26)
  • B
    9% (3)
  • C
    3% (1)
  • D
    12% (4)

Why each option

Defense-in-depth requires that internal systems like network elements be hardened independently, and cannot rely solely on perimeter controls like firewalls.

ANetwork elements must be hardened with user ids and strong passwords. Regular security testsCorrect

Hardening network elements with strong user credentials and conducting regular security assessments applies the principle of defense-in-depth, ensuring that if perimeter defenses are breached, internal systems are not trivially compromised. Linux-based network elements have their own attack surface including SSH services, local accounts, and running processes that must be secured regardless of firewall protection. Regular security testing validates that hardening measures remain effective over time.

BAs long as the physical access to the network elements is restricted, there is no need for

Physical access restrictions alone do not protect against network-based attacks that can reach internal systems through legitimate data center connectivity.

CThere is no need for specific security measures on the network elements as long as firewalls and

Firewalls and IPS systems are perimeter controls that can be bypassed or misconfigured - relying solely on them violates the principle of defense-in-depth.

DThe operator knows that attacks and down time are inevitable and should have a backup site.

Accepting attacks as inevitable and relying only on a backup site is a reactive posture that ignores preventive hardening, which is a fundamental security failure.

Concept tested: Defense-in-depth and system hardening principles

Source: https://csrc.nist.gov/glossary/term/defense_in_depth

Topics

#network hardening#defense in depth#security policy#Linux security

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice