An organization must transmit sensitive payroll data over the public Internet to a cloud-based payroll service. Because a dedicated private circuit is not financially possible, the security team looks for another measure that will still ensure confidentiality and integrity of the data in transit. Which of the following BEST fits the definition of a compensating control in this situation?
Schedule quarterly external penetration tests
Review firewall and application logs on a daily basis
Require administrators to complete additional security-awareness training
Establish an IPsec-based VPN tunnel for the transmission
Creating an IPsec VPN (or other strong encryption such as TLS 1.3) establishes an encrypted tunnel that offsets the risk of sending data across an untrusted network when the preferred primary control-a private, physically isolated link-cannot be used. That encrypted tunnel therefore serves as a compensating control. Daily log reviews, quarterly penetration tests, and additional awareness training are useful but do not directly provide equivalent protection for the specific gap (lack of a secure transmission channel).
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is encryption, and why is it important for data transmission?
Open an interactive chat with Bash
What is a Virtual Private Network (VPN), and how does it work?
Open an interactive chat with Bash
What are intrinsic and direct security assurances in data transmission?