nerdexam
EC-Council

312-50V11 · Question #196

A large mobile telephony and data network operator has a data that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with fir

The correct answer is A. Network elements must be hardened with user ids and strong passwords. Regular security tests. Defense-in-depth requires that individual network elements be hardened independently, because perimeter controls alone cannot protect against insider threats, lateral movement, or physical-access bypass scenarios.

Information Security and Ethical Hacking Fundamentals

Question

A large mobile telephony and data network operator has a data that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup?

Options

  • ANetwork elements must be hardened with user ids and strong passwords. Regular security tests
  • BAs long as the physical access to the network elements is restricted, there is no need for
  • CThere is no need for specific security measures on the network elements as long as firewalls and
  • DThe operator knows that attacks and down time are inevitable and should have a backup site.

How the community answered

(24 responses)
  • A
    75% (18)
  • B
    17% (4)
  • C
    4% (1)
  • D
    4% (1)

Why each option

Defense-in-depth requires that individual network elements be hardened independently, because perimeter controls alone cannot protect against insider threats, lateral movement, or physical-access bypass scenarios.

ANetwork elements must be hardened with user ids and strong passwords. Regular security testsCorrect

Hardening each Linux-based network element with strong credentials, minimal user accounts, and regular security testing applies the principle of defense-in-depth. Perimeter firewalls and IPS systems protect the boundary but cannot stop threats that originate from within the network or from a compromised perimeter device, so host-level hardening is a required complementary control.

BAs long as the physical access to the network elements is restricted, there is no need for

Physical access restrictions alone do not address logical attacks such as remote exploits, credential theft, or insider threats that can reach network elements through legitimate network paths.

CThere is no need for specific security measures on the network elements as long as firewalls and

Firewalls and IPS are perimeter controls and do not protect against threats already inside the network, misconfigurations on the host, or vulnerabilities in the OS and services running on the network elements themselves.

DThe operator knows that attacks and down time are inevitable and should have a backup site.

Assuming downtime is inevitable and relying solely on a backup site is a reactive continuity strategy, not a proactive security policy, and does not address the prevention of attacks or the hardening of assets.

Concept tested: Defense-in-depth and host hardening policy

Source: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-123.pdf

Topics

#hardening#security policy#network elements#Linux security

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice