Human Resources suspects an employee is accessing the employee salary database. The administrator is
asked to find out who it is. In order to complete this task, which of the following is a security control that should
be in place?
Shared accounts should be prohibited.
Account lockout should be enabled
Privileges should be assigned to groups rather than individuals
Time of day restrictions should be in use
Since distinguishing between the actions of one person and another isn’t possible if they both use a shared
account, shared accounts should not be allowed. If shared accounts are being used, the administrator will find
the account, but have more than one suspect. To nullify this occurrence, Shared accounts should be prohibited.