The concentric circle approach is used to

A.
Evaluate environmental threats.

B.
Assess the physical security facility,

C.
Assess the communications network security.

D.
Develop a personnel security program.

Explanation:
The original answer for this question was C (assess the communications network
security) however I think the concentric circle is defining what in the krutz book is know as the
security perimeter. To this end this is a reference
“A circular security perimeter that is under the access control defines the area or zone to be
protected. Preventive/physical controls include fences, badges, multiple doors (man-traps that
consists of two doors physically separated so that an individual can be ‘trapped’ in the space
between the doors after entering one of the doors), magnetic card entry systems, biometrics (for
identification), guards, dogs, environmental control systems (temperature, humidity, and so forth),
and building and access area layout.” -Ronald Krutz The CISSP PREP Guide (gold edition) pg 13

This is a standard concentric circle model shown in Figure 1 . If you’ve never seen this, you
haven’t had a security lecture.
On the outside is our perimeter. We are fortunate to have some defenses on our base. Although
some bases don’t have people guarding the gates and checking IDs any longer, there’s still the
perception that it’s tougher to commit a crime on a Naval base than it would be at GM.
The point is: How much control do we have over fencing and guards? The answer: Not much.
The next circle, the red circle, contains your internal access controls. For our purposes, the heart
of the red circle is the computer. That’s what I want to zero in on. The internal controls are the
things you can do to keep people out of your PCs and off your network.
http://www.chips.navy.mil/archives/96_oct/file5.htm