CISA Certified Information Systems Auditor – Question 1516

Which of the following controls would be the MOST comprehensive in a remote access network with multiple and diverse subsystems?

A. Proxy server
B. Firewall installation
C. Network administrator
D. Password implementation and administration

Correct Answer: D

Explanation:

The most comprehensive control in this situation is password implementation and administration. While firewall installations are the primary line of defense, they cannot protect all access and, therefore, an element of risk remains. A proxy server is a type of firewall installation; thus, the same rules apply. The network administrator may serve as a control, but typically this would not be comprehensive enough to serve on multiple and diverse systems.