nerdexam
EC-Council

312-50V9 · Question #285

A large mobile telephony and data network operator has a data that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with fir

The correct answer is A. Network elements must be hardened with user ids and strong passwords. Regular security tests. Perimeter controls like firewalls and IPS are necessary but not sufficient - individual network elements must also be hardened as part of a defense-in-depth strategy.

Introduction to Ethical Hacking

Question

A large mobile telephony and data network operator has a data that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup?

Options

  • ANetwork elements must be hardened with user ids and strong passwords. Regular security tests
  • BAs long as the physical access to the network elements is restricted, there is no need for
  • CThere is no need for specific security measures on the network elements as long as firewalls and
  • DThe operator knows that attacks and down time are inevitable and should have a backup site.

How the community answered

(31 responses)
  • A
    81% (25)
  • B
    3% (1)
  • C
    13% (4)
  • D
    3% (1)

Why each option

Perimeter controls like firewalls and IPS are necessary but not sufficient - individual network elements must also be hardened as part of a defense-in-depth strategy.

ANetwork elements must be hardened with user ids and strong passwords. Regular security testsCorrect

Hardening network elements with strong credentials and conducting regular security testing implements a defense-in-depth approach that does not rely solely on perimeter defenses. Linux-based network elements have their own attack surface including local privilege escalation, default credentials, and unpatched vulnerabilities. Regular security assessments ensure controls remain effective as the threat landscape evolves.

BAs long as the physical access to the network elements is restricted, there is no need for

Physical access restrictions only prevent physical tampering and do not protect against network-based or insider attacks targeting the elements directly.

CThere is no need for specific security measures on the network elements as long as firewalls and

Firewalls and IPS protect the network perimeter but cannot defend against threats that originate internally or that successfully bypass the perimeter, leaving unhardened elements fully exposed.

DThe operator knows that attacks and down time are inevitable and should have a backup site.

Accepting attacks and downtime as inevitable without implementing preventive hardening controls is not a valid security policy and represents a failure to apply due diligence.

Concept tested: Defense in depth and host hardening for network infrastructure

Source: https://csrc.nist.gov/publications/detail/sp/800-123/final

Topics

#hardening#defense in depth#security policy#perimeter security

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice