nerdexam
(ISC)2

CISSP · Question #902

When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?

The correct answer is D. Employ strong access controls. When network management is outsourced to third parties, strong access controls are the most effective method of protecting critical data assets. Access controls define who can access what data and what actions they can perform, ensuring that only authorized personnel (whether int

Submitted by luis.pe· Mar 5, 2026Identity and Access Management (IAM)

Question

When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?

Options

  • ALog all activities associated with sensitive systems
  • BProvide links to security policies
  • CConfirm that confidentially agreements are signed
  • DEmploy strong access controls

How the community answered

(37 responses)
  • A
    24% (9)
  • B
    5% (2)
  • C
    14% (5)
  • D
    57% (21)

Explanation

When network management is outsourced to third parties, strong access controls are the most effective method of protecting critical data assets. Access controls define who can access what data and what actions they can perform, ensuring that only authorized personnel (whether internal or from the third party) can access sensitive data and systems. Key points about strong access controls: Limit access: Ensure that third-party personnel only have access to the systems, applications, and data they need to perform their tasks. This is typically done through role-based access control (RBAC), least privilege principles, and segregation of duties. Authentication: Use strong authentication methods (e.g., multi-factor authentication) to verify the identity of individuals accessing sensitive data. Monitoring and auditing: Regularly monitor and audit access to critical systems to detect unauthorized access or suspicious activities. This approach is essential because third-party network managers will need some level of access to your systems, and strong access controls help mitigate the risk of unauthorized access, data breaches, or insider threats.

Topics

#Third-party risk#Access control#Data protection#Outsourcing security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice