The internal audit group discovered that unauthorized users are making unapproved changes to
various system configuration settings. This issue occurs when previously authorized users transfer
from one department to another and maintain the same credentials. Which of the following
controls can be implemented to prevent such unauthorized changes in the future?
A.
Periodic access review
B.
Group based privileges
C.
Least privilege
D.
Account lockout
The correct answer is Periodic Access Review. This is the practice of reviewing user permissions on a regular basis, specifically to eliminate privilege creep, which is what is being described.
Incorrect Answers:
Account lockout will cause temporary disabling of an account after a certain number of failed login attempts.
Group based privileges could help if users are removed from one group and added to another as they change jobs, but that is more complex.
Least privilege is what will be addressed when the access review is conducted, but will not help by itself.
3
0
Agreed periodic access review
0
0
I agree that it should be A.
0
0