ISC Exam Questions

Which of the following is less likely to help in assessing identification and authentication control

Which of the following is less likely to help in assessing identification and authentication controls?

A.
A current list of authorized users and their access

B.
Passwords that are changed at least every 90 days

C.
Inactive user identifications disabled after a specified period of time

D.
A process in place for reporting incidents

Explanation:
Reporting incidents is more related to incident response capability
(operational control) than to identification and authentication (technical control).