Certified Information Systems Security Professional (CISSP) — Question 309

A systems engineer is designing a wide area network (WAN) environment for a new organization. The WAN will connect sites holding information at various levels of sensitivity, from publicly available to highly confidential. The organization requires a high degree of interconnectedness to support existing business processes.
What is the BEST design approach to securing this environment?

Answer options

• A. Use reverse proxies to create a secondary "shadow" environment for critical systems.
• B. Place firewalls around critical devices, isolating them from the rest of the environment.
• C. Layer multiple detective and preventative technologies at the environment perimeter.
• D. Align risk across all interconnected elements to ensure critical threats are detected and handled.

Correct answer: D

Explanation

The correct answer, D, emphasizes the importance of understanding and managing risks across interconnected systems, which is crucial for a WAN dealing with varying sensitivity levels. Options A and B focus on isolation and secondary environments, which may not provide the necessary holistic security approach. Option C, while useful, does not address the need for aligning risk management across all systems.