A manufacturer cannot enable end-to-end encryption on traffic generated by legacy production systems. To reduce the risk of eavesdropping, the security team creates an IPsec site-to-site VPN that encapsulates and encrypts all data flowing between the production network and the corporate data center.
Which type of security control BEST describes the VPN in this scenario?
The VPN provides encryption for data in transit when the organization's preferred primary control-end-to-end encryption at the application layer-cannot be implemented on the legacy systems. Because it is an alternative safeguard that offers equivalent protection to the unavailable control, the VPN is considered a compensating control. It is not detective (which only identifies events), corrective (which restores normal operations after an incident), or directive (which guides behavior through policy).
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Virtual Private Network (VPN)?
Open an interactive chat with Bash
What is end-to-end encryption and why is it important?
Open an interactive chat with Bash
What are legacy systems and how do they affect security measures?