PrepAway - Latest Free Exam Questions & Answers

Which of the following would provide efficient access c…

A business application system accesses a corporate database using a single ID and password embedded in a
program. Which of the following would provide efficient access control over the organization’s data?


A. Introduce a secondary authentication method such as card swipe

B. Apply role-based permissions within the application system

C. Have users input the ID and password for each database transaction

D. Set an expiration period for the database password embedded in the program

Explanation:
When a single ID and password are embedded in a program, the best compensating control would be sound
access control at the application layer, with procedures to ensure access to data is granted based on a user’s
role. The issue is user permissions, not authentication; therefore, adding stronger authentication does not
improve the situation. Having a user input the ID and password for access would provide better control
because a database log would identify the initiator of the activity. However, this may not be efficient because
each transaction would require a separate authentication process. It is good practice to set an expiration date
for a password. However, this might not be practical for an ID automatically logged in from the program. Often,
this type of password is set not to expire.

