nerdexam
(ISC)2

CISSP · Question #421

In a dispersed network that lacks central control, which of the following is die PRIMARY course of action to mitigate exposure?

The correct answer is B. Implement security policies and standards, access controls, and access limitations. In a dispersed (decentralized) network without central control, establishing security policies, standards, and access controls is the primary way to enforce consistent protection across distributed nodes.

Submitted by rachelw· Mar 5, 2026Security and Risk Management

Question

In a dispersed network that lacks central control, which of the following is die PRIMARY course of action to mitigate exposure?

Options

  • AImplement management policies, audit control, and data backups
  • BImplement security policies and standards, access controls, and access limitations
  • CImplement security policies and standards, data backups, and audit controls
  • DImplement remote access policies, shared workstations, and log management

How the community answered

(37 responses)
  • A
    3% (1)
  • B
    84% (31)
  • C
    11% (4)
  • D
    3% (1)

Why each option

In a dispersed (decentralized) network without central control, establishing security policies, standards, and access controls is the primary way to enforce consistent protection across distributed nodes.

AImplement management policies, audit control, and data backups

Management policies, audit controls, and data backups are detective and recovery-oriented controls rather than preventive measures that directly restrict exposure in a decentralized network.

BImplement security policies and standards, access controls, and access limitationsCorrect

In a dispersed network lacking central control, the primary mitigation is implementing security policies and standards to establish uniform rules, combined with access controls and access limitations to restrict who and what can interact with resources. These measures compensate for the absence of centralized enforcement by defining and enforcing boundaries at the policy and access layer, directly reducing the attack surface and limiting unauthorized exposure across distributed systems.

CImplement security policies and standards, data backups, and audit controls

While security policies and standards are correct, pairing them with data backups and audit controls emphasizes recovery and monitoring rather than the primary preventive action of restricting access in a dispersed environment.

DImplement remote access policies, shared workstations, and log management

Shared workstations increase security risk by allowing multiple users to access the same system, which is counterproductive to mitigating exposure, and remote access policies alone do not address the core need for access controls across a dispersed network.

Concept tested: Security controls for decentralized distributed network environments

Source: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final

Topics

#security policies#access controls#risk mitigation#decentralized security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice