EC-Council
312-50V9 Question #285: Real Exam Question with Answer & Explanation
The correct answer is A: Network elements must be hardened with user ids and strong passwords. Regular security tests. Perimeter controls like firewalls and IPS are necessary but not sufficient - individual network elements must also be hardened as part of a defense-in-depth strategy.
Question
A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup?
Options
- A. Network elements must be hardened with user ids and strong passwords. Regular security tests
- B. As long as the physical access to the network elements is restricted, there is no need for
- C. There is no need for specific security measures on the network elements as long as firewalls and
- D. The operator knows that attacks and down time are inevitable and should have a backup site.
Explanation
Perimeter controls like firewalls and IPS are necessary but not sufficient - individual network elements must also be hardened as part of a defense-in-depth strategy.
Common mistakes.
- B. Physical access restrictions only prevent physical tampering and do not protect against network-based or insider attacks targeting the elements directly.
- C. Firewalls and IPS protect the network perimeter but cannot defend against threats that originate internally or that successfully bypass the perimeter, leaving unhardened elements fully exposed.
- D. Accepting attacks and downtime as inevitable without implementing preventive hardening controls is not a valid security policy and represents a failure to apply due diligence.
Concept tested. Defense in depth and host hardening for network infrastructure
Reference. https://csrc.nist.gov/publications/detail/sp/800-123/final