nerdexam
GIAC

GCIH · Question #416

A new helpdesk employee at a multinational corporation took it upon himself to test the security of the servers that holds highly confidential information regarding specific government projects. Which

The correct answer is B. Secured and controlled access to the server room.. Secured and controlled physical access to the server room is the well-known deterrent that prevents unauthorized individuals, including internal employees, from physically reaching sensitive servers.

Incident Response & Cyber Kill Chain

Question

A new helpdesk employee at a multinational corporation took it upon himself to test the security of the servers that holds highly confidential information regarding specific government projects. Which of the following is a well-known technique for deterring such individuals?

Options

  • AWarning banners stating unauthorized access is forbidden.
  • BSecured and controlled access to the server room.
  • CA mantrap with a manned guard deters unauthorized access.
  • DReview the Acceptable use Internet policy before access.

How the community answered

(22 responses)
  • B
    95% (21)
  • C
    5% (1)

Why each option

Secured and controlled physical access to the server room is the well-known deterrent that prevents unauthorized individuals, including internal employees, from physically reaching sensitive servers.

AWarning banners stating unauthorized access is forbidden.

Warning banners deter unauthorized logical or remote access attempts but do not physically prevent an employee from walking into an unsecured server room.

BSecured and controlled access to the server room.Correct

Physical access controls such as badge readers, biometrics, or locked server room doors directly prevent unauthorized personnel - including employees like helpdesk staff - from reaching hardware that stores confidential data. This is the foundational physical security control (mapped to NIST PE-3) specifically designed to limit who can physically interact with critical systems.

CA mantrap with a manned guard deters unauthorized access.

A mantrap with a manned guard is a more advanced and costly physical control; secured and controlled access is the more standard well-known deterrent referenced in this context.

DReview the Acceptable use Internet policy before access.

Reviewing the Acceptable Use Policy is an administrative awareness control but does not physically restrict or deter access to the server room.

Concept tested: Physical access control to server room as insider deterrent

Source: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final

Topics

#physical security#access control#insider threat#server room

Community Discussion

No community discussion yet for this question.

Full GCIH Practice