GCIH · Question #416
A new helpdesk employee at a multinational corporation took it upon himself to test the security of the servers that holds highly confidential information regarding specific government projects. Which
The correct answer is B. Secured and controlled access to the server room.. Secured and controlled physical access to the server room is the well-known deterrent that prevents unauthorized individuals, including internal employees, from physically reaching sensitive servers.
Question
A new helpdesk employee at a multinational corporation took it upon himself to test the security of the servers that holds highly confidential information regarding specific government projects. Which of the following is a well-known technique for deterring such individuals?
Options
- AWarning banners stating unauthorized access is forbidden.
- BSecured and controlled access to the server room.
- CA mantrap with a manned guard deters unauthorized access.
- DReview the Acceptable use Internet policy before access.
How the community answered
(22 responses)- B95% (21)
- C5% (1)
Why each option
Secured and controlled physical access to the server room is the well-known deterrent that prevents unauthorized individuals, including internal employees, from physically reaching sensitive servers.
Warning banners deter unauthorized logical or remote access attempts but do not physically prevent an employee from walking into an unsecured server room.
Physical access controls such as badge readers, biometrics, or locked server room doors directly prevent unauthorized personnel - including employees like helpdesk staff - from reaching hardware that stores confidential data. This is the foundational physical security control (mapped to NIST PE-3) specifically designed to limit who can physically interact with critical systems.
A mantrap with a manned guard is a more advanced and costly physical control; secured and controlled access is the more standard well-known deterrent referenced in this context.
Reviewing the Acceptable Use Policy is an administrative awareness control but does not physically restrict or deter access to the server room.
Concept tested: Physical access control to server room as insider deterrent
Source: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
Topics
Community Discussion
No community discussion yet for this question.