A global organization relies on multiple hardware support vendors who require periodic, privileged access to network infrastructure across several data centers. The CISO is concerned about the risks associated with standing privileges and wants a solution that minimizes the attack surface. Which security implementation BEST addresses both vendor access management and the organization's risk posture?
Proxied connections with session recording
Dedicated VPN connections with pre-shared keys
Network segmentation with role-based firewalls
Just-in-time access control with automated revocation
Just-in-time (JIT) access control with automated revocation is the correct answer because it provides temporary access that is automatically terminated after a predetermined period or when the maintenance task is complete. This approach minimizes the security risk window by ensuring vendors can only access systems when necessary and for the minimum required duration, directly addressing the CISO's concern about standing privileges. It also creates comprehensive audit trails and eliminates the risks associated with persistent access.
The other options are inadequate:
Dedicated VPN connections with pre-shared keys create ongoing access paths and are considered a less secure, high-risk method for vendor access.
Network segmentation with role-based firewalls limits the scope of access but does not address the temporal (time-based) aspect of the access control problem.
Proxied connections with session recording provide visibility and accountability but do not inherently restrict when or for how long access is granted.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is just-in-time (JIT) access control?
Open an interactive chat with Bash
How does automated revocation improve an organization's security posture?
Open an interactive chat with Bash
Why are dedicated VPN connections with pre-shared keys insufficient for vendor access control?
Open an interactive chat with Bash
ISC2 CISSP
Communication and Network Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .