Free Isaca CCOA Actual Exam Questions - Question 12 Discussion
virtual private network (VPN) with a service provider?
Option B seems right since using a service provider VPN often means you can’t monitor traffic closely, creating blind spots in user behavior that are tough to manage directly.
B/D? DoS attacks are pretty common with VPN endpoints since they’re exposed to the internet. Still, the biggest direct risk from a provider VPN feels like losing sight of user actions, so B sticks out more.
It’s B. Using a service provider’s VPN means you can’t fully see what users are doing, so gaps in visibility are the main risk compared to attacks like DoS or data loss.
B. Besides losing visibility on user behavior, using a site-to-site VPN with a service provider means your monitoring tools might not catch everything since traffic is tunneled and encrypted. This can make it harder to detect insider threats or malware activity inside the network, which is a big deal for security teams. The other options are more about direct attacks or data issues that are less about the VPN’s reliance on the provider and more about overall network security.
It’s C because when using a service provider’s VPN, there’s a greater chance that sensitive data could be intercepted or leaked without detection, especially if the provider’s security is compromised.
A/B? I get why B is popular—losing visibility is a big deal. But I feel like A is more directly tied to the VPN itself since the data could be messed with in transit if something goes wrong with encryption or the tunnel. B’s more about monitoring tools and policies, which aren’t always strictly a VPN issue. The question asks for a PRIMARY risk introduced by the VPN, so I’m thinking A fits better as it’s about the actual data protection in the VPN link itself.
B, because relying on the provider limits your monitoring capabilities directly.
A. I think A makes sense too since data traveling through the VPN could be altered or tampered with, risking data integrity issues. It’s a direct risk from using a third-party connection.
It’s B because when using a service provider’s VPN, you lose some control and visibility over what users are doing, making it harder to monitor suspicious activity directly.
B