Which of the following controls would you use that BEST protects an enterprise from unauthorized individuals gaining access to sensitive information?

You are the administrator of your enterprise. Which of the following controls would you use that
BEST protects an enterprise from unauthorized individuals gaining access to sensitive
information?

A. Monitoring and recording unsuccessful logon attempts

B. Forcing periodic password changes

C. Using a challenge response system

D. Providing access on a need-to-know basis

Explanation:

Physical or logical system access should be assigned on a need-to-know basis, where there is a
legitimate business requirement based on least privilege and segregation of duties. This is done
by user authentication.
Answer C is incorrect. A challenge response system is used to verify the user’s identification but
does not completely address the issue of access risk if access was not appropriately designed in
the first place.
Answer B is incorrect. Forcing users to change their passwords does not ensure that access
control is appropriately assigned.
Answer A is incorrect. Monitoring and recording unsuccessful logon attempts does not address the
risk of appropriate access rights. In other words, it does not prevent unauthorized access.
