ExamTopics Logo
Mail Us[email protected]
Menu
Iia Discussions
exam questions

Exam IIA-CIA-Part3 All Questions

View all questions & answers for the IIA-CIA-Part3 exam
Go to Exam

Exam IIA-CIA-Part3 topic 2 question 171 discussion

Actual exam question from IIA's IIA-CIA-Part3
Question #: 171
Topic #: 2
[All IIA-CIA-Part3 Questions]

Which of the following controls would be the most effective in preventing the disclosure of an organization's confidential electronic information?

  • A. Non-disclosure agreements between the firm and its employees.
  • B. Logs of user activity within the information system.
  • C. Two-factor authentication for access into the information system.
  • D. Limited access to information, based on employee duties.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by KonradK at Jan. 23, 2024, 3:18 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
137a7a9
3 weeks, 2 days ago
Selected Answer: D
D reduces the number of people who have access to the data and only to those who require and therefore presumably, are more likely to be aware of confidentiality impacts. Logs only indicate past access and do nothing to prevent disclosure.
upvoted 1 times
...
Elvoo
1 month, 3 weeks ago
Selected Answer: D
WHY NOT D?
upvoted 1 times
...
emtofid
3 months ago
Selected Answer: D
Limited access to information ensures that only individuals who absolutely need to access specific information can do so. This minimizes the risk of unauthorized disclosure, as employees are restricted from accessing sensitive information that falls outside their job requirements. It’s a fundamental principle of least privilege, which is key in preventing internal and external security breaches.
upvoted 2 times
...
Elvin
1 year, 1 month ago
Selected Answer: B
D is my answer as well. Any other thoughts? The most effective control in preventing the disclosure of an organization's confidential electronic information would be limited access to information based on employee duties. By restricting access to sensitive information only to employees who require it for their job responsibilities, the risk of unauthorized disclosure is minimized. This can be achieved by implementing proper access control measures, such as role-based access control or user-level permissions. Nondisclosure agreements between the firm and its employees (option A) can help establish legal consequences for disclosing confidential information, but they alone cannot prevent unauthorized access to such information.
upvoted 3 times
KLynn
7 months ago
While important, access controls alone might not be enough to prevent disclosure if someone with authorized access decides to share the information. The question is asking the preventive control for non disclosure of (not accessing) confidential electronic information.
upvoted 1 times
...
...
KonradK
1 year, 3 months ago
How NDA is preventive? It should be D. Any thoughts?
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago