Free ISC2 CISSP Actual Exam Questions - Question 6 Discussion
HOTSPOT In the network design below, where is the MOST secure Local Area Network (LAN) segment to deploy a Wireless Access Point (WAP) that provides contractors access to the Internet and authorized enterprise services? 
Option D seems best since it’s clearly in the DMZ, keeping contractors away from internal LAN traffic.
I’m with the group on option B but for a slightly different reason: it looks like it’s positioned in a subnet that can be monitored and controlled separately, which keeps contractor devices off the main LAN altogether. Option C might add a firewall layer, but if that segment is closer to sensitive resources, the risk could still be higher. B feels like a cleaner separation point to me—less chance of contractors accidentally crossing into parts of the enterprise network they shouldn’t access. The key is definitely isolation, and B provides that best by keeping contractor traffic segmented but s
Option C makes sense too since it’s probably behind a firewall or DMZ, adding another layer before contractors reach the main LAN. That extra boundary limits exposure better than B alone.
I think option B works because it’s outside the main LAN, so contractors can’t roam freely but still get what they need. Putting the WAP in the core LAN feels like a big security risk.
I’m thinking option B is safer since it keeps contractors off the main LAN but still lets them reach authorized services. Putting WAP anywhere inside the core LAN seems too risky.
Option B, since it’s isolated and reduces risk to internal LAN segments.
Option D makes sense for better control and isolation from main LAN users.
I’d say near the DMZ to keep contractor access separate from internal systems.
Near the firewall, to isolate contractor traffic from internal LAN.