CISA Certified Information Systems Auditor – Question1605 - CISA Certified Information Systems Auditor

What is the MOST prevalent security risk when an organization implements remote virtual private network (VPN) access to its network?

A. Malicious code could be spread across the network
B. VPN logon could be spoofed
C. Traffic could be sniffed and decrypted
D. VPN gateway could be compromised

Correct Answer: A

Explanation:

Explanation:
VPN is a mature technology; VPN devices are hard to break. However, when remote access is enabled, malicious code in a remote client could spread to the organization’s network. Though choices B, C and D are security risks, VPN technology largely mitigates these risks.