312-50V10 · Question #199
A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a di
The correct answer is C. Remote-access policy. A remote-access policy governs how users connect to the network remotely, including the use of dial-up modems, VPNs, and other remote connectivity methods.
Question
A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed?
Options
- AFirewall-management policy
- BAcceptable-use policy
- CRemote-access policy
- DPermissive policy
How the community answered
(24 responses)- A4% (1)
- B4% (1)
- C92% (22)
Why each option
A remote-access policy governs how users connect to the network remotely, including the use of dial-up modems, VPNs, and other remote connectivity methods.
A firewall-management policy governs the configuration and administration of firewalls, not end-user remote connectivity devices like modems.
An acceptable-use policy defines appropriate use of organizational IT resources broadly, but does not specifically address remote access methods or connection technologies.
The remote-access policy specifically defines what remote connection methods are permitted or prohibited, including dial-out modems, dial-in connections, and VPN usage. It establishes rules for how users in the organization may access internal resources or external networks through non-standard connections. A dial-out modem installed by an IT user is a remote access control concern that falls directly under this policy.
A permissive policy is a network traffic stance that allows all traffic by default unless explicitly denied, and is not a policy type that governs remote access hardware.
Concept tested: Remote access policy scope and applicability
Source: https://csrc.nist.gov/publications/detail/sp/800-46/rev-2/final
Topics
Community Discussion
No community discussion yet for this question.