exam questions

Exam IIA-CIA-Part3 All Questions

View all questions & answers for the IIA-CIA-Part3 exam

Exam IIA-CIA-Part3 topic 2 question 171 discussion

Actual exam question from IIA's IIA-CIA-Part3
Question #: 171
Topic #: 2
[All IIA-CIA-Part3 Questions]

Which of the following controls would be the most effective in preventing the disclosure of an organization's confidential electronic information?

  • A. Non-disclosure agreements between the firm and its employees.
  • B. Logs of user activity within the information system.
  • C. Two-factor authentication for access into the information system.
  • D. Limited access to information, based on employee duties.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Elvoo
1 month ago
Selected Answer: D
WHY NOT D?
upvoted 1 times
...
emtofid
2 months ago
Selected Answer: D
Limited access to information ensures that only individuals who absolutely need to access specific information can do so. This minimizes the risk of unauthorized disclosure, as employees are restricted from accessing sensitive information that falls outside their job requirements. It’s a fundamental principle of least privilege, which is key in preventing internal and external security breaches.
upvoted 1 times
...
Elvin
1 year ago
Selected Answer: B
D is my answer as well. Any other thoughts? The most effective control in preventing the disclosure of an organization's confidential electronic information would be limited access to information based on employee duties. By restricting access to sensitive information only to employees who require it for their job responsibilities, the risk of unauthorized disclosure is minimized. This can be achieved by implementing proper access control measures, such as role-based access control or user-level permissions. Nondisclosure agreements between the firm and its employees (option A) can help establish legal consequences for disclosing confidential information, but they alone cannot prevent unauthorized access to such information.
upvoted 3 times
KLynn
6 months, 1 week ago
While important, access controls alone might not be enough to prevent disclosure if someone with authorized access decides to share the information. The question is asking the preventive control for non disclosure of (not accessing) confidential electronic information.
upvoted 1 times
...
...
KonradK
1 year, 2 months ago
How NDA is preventive? It should be D. Any thoughts?
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago