nerdexam
EC-Council

312-50V11 · Question #199

A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a di

The correct answer is C. Remote-access policy. A remote-access policy governs all mechanisms by which users connect to the network from outside the standard perimeter, including dial-out and dial-in modems, VPNs, and other remote connectivity tools.

Information Security and Ethical Hacking Fundamentals

Question

A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed?

Options

  • AFirewall-management policy
  • BAcceptable-use policy
  • CRemote-access policy
  • DPermissive policy

How the community answered

(21 responses)
  • A
    10% (2)
  • B
    5% (1)
  • C
    86% (18)

Why each option

A remote-access policy governs all mechanisms by which users connect to the network from outside the standard perimeter, including dial-out and dial-in modems, VPNs, and other remote connectivity tools.

AFirewall-management policy

A firewall-management policy covers the rules, change control, and administration of firewall devices, not the authorization of end-user remote-access hardware like modems.

BAcceptable-use policy

An acceptable-use policy defines appropriate use of company IT resources in general terms (e.g., internet use, email) but does not specifically govern the technical requirements or approval process for remote-access methods.

CRemote-access policyCorrect

Remote-access policies specifically define the rules, approved technologies, and conditions under which employees may establish remote connections to or from the corporate network. A dial-out modem creates an out-of-band communication channel that bypasses perimeter controls, making the remote-access policy the correct document to consult when determining whether such a device is permitted.

DPermissive policy

A permissive policy is a general security stance or firewall rule philosophy that allows traffic by default, not a named policy document that would contain specific rules about modem use.

Concept tested: Remote-access policy scope covering out-of-band modems

Source: https://www.sans.org/information-security-policy/remote-access-policy/

Topics

#remote access policy#dial-out modem#acceptable use#security policy

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice