Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information.
All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN. The organization wants a more permanent solution to the threat to user credential compromise through phishing.
What technical solution would BEST address this issue?

A. Multi-factor authentication employing hard tokens

B. Forcing password changes every 90 days

C. Decreasing the number of employees with administrator privileges

D. Professional user education on phishing conducted by a reputable vendor








 

Suggested Answer: A






This question is in 712-50 EC-Council Certified CISO (CCISO) Exam
For getting EC-Council Certified CISO (CCISO) Certificate




Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by EC-Council.
Trademarks, certification & product names are used for reference only and belong to EC-Council.
The website does not contain actual questions and answers from EC-Council's Certification Exam.