200-201 Security Policies and Procedures • Set 7
200-201 Security Policies and Procedures Practice Test 7 — 15 questions with explanations. Free, no signup.
A vendor security policy requires that all third-party remote access be limited to specific IP addresses and use multi-factor authentication. During an audit, it is discovered that a vendor's entire office subnet is allowed instead of individual IPs. The vendor argues that the broader range is necessary for redundancy. What is the best way to handle this from a policy perspective?