A global organization has engaged multiple hardware support vendors who require periodic access to network infrastructure across several data centers. Which security implementation best addresses both vendor access management and the organization's risk posture?
Network segmentation with role-based firewalls
Dedicated VPN connections with pre-shared keys
Proxied connections with session recording
Just-in-time access control with automated revocation
Just-in-time access control with automated revocation is the correct answer because it provides temporary access that is automatically terminated after a predetermined period or when the maintenance task is complete. This approach minimizes the security risk window by ensuring vendors can only access systems when necessary and for the minimum required duration. It also creates comprehensive audit trails and eliminates the risks associated with persistent access privileges.
The other options are inadequate:
Dedicated VPN connections with pre-shared keys don't address access duration limits and create ongoing access paths.
Network segmentation with role-based firewalls limits scope but doesn't address the temporal aspect of access control.
Proxied connections with session recording provide visibility but don't inherently restrict when or for how long access is granted.
ISC2 CISSP
Communication and Network Security