CISSP · Question #421
In a dispersed network that lacks central control, which of the following is die PRIMARY course of action to mitigate exposure?
The correct answer is B. Implement security policies and standards, access controls, and access limitations. In a dispersed (decentralized) network without central control, establishing security policies, standards, and access controls is the primary way to enforce consistent protection across distributed nodes.
Question
In a dispersed network that lacks central control, which of the following is die PRIMARY course of action to mitigate exposure?
Options
- AImplement management policies, audit control, and data backups
- BImplement security policies and standards, access controls, and access limitations
- CImplement security policies and standards, data backups, and audit controls
- DImplement remote access policies, shared workstations, and log management
How the community answered
(37 responses)- A3% (1)
- B84% (31)
- C11% (4)
- D3% (1)
Why each option
In a dispersed (decentralized) network without central control, establishing security policies, standards, and access controls is the primary way to enforce consistent protection across distributed nodes.
Management policies, audit controls, and data backups are detective and recovery-oriented controls rather than preventive measures that directly restrict exposure in a decentralized network.
In a dispersed network lacking central control, the primary mitigation is implementing security policies and standards to establish uniform rules, combined with access controls and access limitations to restrict who and what can interact with resources. These measures compensate for the absence of centralized enforcement by defining and enforcing boundaries at the policy and access layer, directly reducing the attack surface and limiting unauthorized exposure across distributed systems.
While security policies and standards are correct, pairing them with data backups and audit controls emphasizes recovery and monitoring rather than the primary preventive action of restricting access in a dispersed environment.
Shared workstations increase security risk by allowing multiple users to access the same system, which is counterproductive to mitigating exposure, and remote access policies alone do not address the core need for access controls across a dispersed network.
Concept tested: Security controls for decentralized distributed network environments
Source: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
Topics
Community Discussion
No community discussion yet for this question.