Which of the following is NOT a criterion for access control?

A.
Role

B.
Identity

C.
Keystroke monitoring

D.
Transactions

Explanation:
Keystroke monitoring is associated with the auditing function and
not access control. For answer a, the identity of the user is a criterion
for access control. The identity must be authenticated as part of the
I & A process.
Answer Role refers to role-based access control where
access to information is determined by the user’s job function or role
in the organization.
Transactions refer to access control through entering an account number or a transaction number,

as may be required for bill payments by telephone, for example.