PrepAway - Latest Free Exam Questions & Answers

Which of the following would be of MOST concern to an IS auditor reviewing a virtual private network (VPN) imp

Which of the following would be of MOST concern to an IS auditor reviewing a virtual private
network (VPN) implementation? Computers on the network that are located:

PrepAway - Latest Free Exam Questions & Answers

A.
on the enterprise’s internal network.

B.
at the backup site.

C.
in employees’ homes.

D.
at the enterprise’s remote offices.

Explanation:

One risk of a virtual private network (VPN) implementation is the chance of allowing high-risk
computers onto the enterprise’s network. All machines that are allowed onto the virtual network
should be subject to the same security policy. Home computers are least subject to the corporate
security policies, and therefore are high-risk computers. Once a computer is hacked and ‘owned/
any network that trusts that computer is at risk. Implementation and adherence to corporate
security policy is easier when all computers on the network are on the enterprise’s campus. On an
enterprise’s internal network, there should be security policies in place to detect and halt an
outside attack that uses an internal machine as a staging platform. Computers at the backup site
are subject to the corporate security policy, and therefore are not high-risk computers. Computers
on the network that are at the enterprise’s remote offices, perhaps with different IS and security
employees who have different ideas about security, are more risky than choices A and B, but
obviously less risky than home computers.


Leave a Reply