The control of communications test equipment should be clearly addressed by security policy for which of the
following reasons?
A.
Test equipment is easily damaged.
B.
Test equipment can be used to browse information passing on a network.
C.
Test equipment is difficult to replace if lost or stolen.
D.
Test equipment must always be available for the maintenance personnel.
Explanation:
A Protocol Analyzer (also known as a packet sniffer) is a useful tool for testing or troubleshooting network
communications.
A Protocol Analyzer is a hardware device or more commonly a software program used to capture network data
communications sent between devices on a network. Capturing packets sent from a computer system is known
as packet sniffing.
The ability to browse information passing on a network is a security risk which means access to a protocol
analyzer should be carefully managed and therefore addressed by security policy.
Incorrect Answers:
A: Damage to test equipment is not a ‘security’ risk so does not need to be addressed by security policy.
C: Test equipment is generally not difficult to replace if lost or stolen. Even if it was, that would not constitute a
‘security’ risk so it would not need to be addressed by security policy.
D: The need for test equipment to always be available for the maintenance personnel would not constitute a
‘security’ risk so it would not need to be addressed by security policy.