You are the administrator of your enterprise. Which of the following controls would you use that BEST protects an enterprise from unauthorized individuals gaining access to sensitive information?

A. Monitoring and recording unsuccessful logon attempts

B. Forcing periodic password changes

C. Using a challenge response system

D. Providing access on a need-to-know basis








 

Suggested Answer: D

Physical or logical system access should be assigned on a need-to-know basis, where there is a legitimate business requirement based on least privilege and segregation of duties. This is done by user authentication.
Incorrect Answers:
A: Monitoring and recording unsuccessful logon attempts does not address the risk of appropriate access rights. In other words, it does not prevent unauthorized access.
B: Forcing users to change their passwords does not ensure that access control is appropriately assigned.
C: Challenge response system is used to verify the user's identification but does not completely address the issue of access risk if access was not appropriately designed in the first place.

This question is in CRISC exam 
For getting Risk and Information Systems Control Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by ISACA.
The website does not contain actual questions and answers from ISACA's Certification Exams.
Trademarks, certification & product names are used for reference only and belong to ISACA.