Exam CISSP topic 1 question 226 discussion

question ask for "most effective method". disgruntled employee/malicious insider cannot stop by an NDA. answer given is correct.

which of the following is the MOST effective method of protecting critical data assets? B. Employ strong access controls Its the most effective. its taking action to protect data.

B is correct. Other options won't stop a determined individual from accessing sensitive data.

B. Employ strong access controls is the MOST effective method of protecting critical data assets when network management is outsourced to third parties. Strong access controls ensure that only authorized personnel can access the critical data assets, reducing the risk of unauthorized access and data breaches. While confirming confidentiality agreements, logging all activities associated with sensitive systems, and providing links to security policies are also important measures, they may not be as effective as employing strong access controls.

The question asks about network management being outsourced and then asking how to secure data. So the data is not outsourced, what is outsourced is who and how your network is run. "Network outsourcing is a multiyear or annuity contract/relationship involving the purchase of ongoing network or telecom management services for managing, enhancing, maintaining and supporting premises or core network infrastructure or enterprise telecommunications assets (including fixed and wireless)" https://www.gartner.com/en/information-technology/glossary/network-outsourcing-enterprise-and-public-network It seems that they are trying to confuse you with this info. The question is really about how to secure data, and B is the answer.

The MOST effective method of protecting critical data assets when network management is outsourced to third parties is to employ strong access controls. This includes implementing measures such as authentication, authorization, and access control mechanisms to ensure that only authorized users have access to the data. Confirming that confidentiality agreements are signed and logging all activities associated with sensitive systems can also help to protect the data, but strong access controls are the most important measure to ensure that only authorized users can access the data. Providing links to security policies can help to educate users about the importance of protecting data, but it is not sufficient on its own to protect the data.

B is the best answer.

Option A is an NDA (non-disclosure agreement), which I dont see it applicable. The question mentioned "protecting critical data assets" which means it seeks a technical control, not administrative. I vote for B.

Only option B can actively prevent access. Hence fits the "most effective method" criteria.

I agree with B

I agree with B

Access controls will prevent the third party vendor from accessing data that they are not allowed to access. An NDA does not protect data. B is the best answer.

You are providing them with access, so B isn't the best option. It's A.

A and B are good. But from management point of view it's A.