SSCP · Question #182
SSCP Question #182: Real Exam Question with Answer & Explanation
The correct answer is B: Installing the Remote Access Server outside the firewall and forcing legitimate users to.
Question
Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector?
Options
- A. Using a TACACS+ server.
- B. Installing the Remote Access Server outside the firewall and forcing legitimate users to
- C. Setting modem ring count to at least 5.
- D. Only attaching modems to non-networked hosts.
Explanation
Placing the Remote Access Server (RAS) outside the firewall and requiring legitimate users to authenticate through the firewall (e.g., via VPN termination or proxy) best eliminates the dial-up vector. An attacker who compromises the RAS or dials in still faces the firewall and cannot directly reach internal resources. TACACS+ improves authentication on the RAS but does not eliminate the RAS as an entry point if the server itself is compromised. Setting ring count to 5 only marginally discourages war dialing. Attaching modems only to non-networked hosts removes the remote access utility entirely, which is impractical. Option B isolates the risk architecturally.