Exam CRISC topic 1 question 1626 discussion

Actual exam question from Isaca's CRISC
Question #: 1626
Topic #: 1

It was discovered that a service provider's administrator was accessing sensitive information without the approval of the customer in an Infrastructure as a Service (IaaS) model. Which of the following would BEST protect against a future recurrence?

  • A. Intrusion prevention system (IPS)
  • B. Contractual requirements
  • C. Data encryption
  • D. Two-factor authentication
Suggested Answer: B

Comments

Sara98
2 months, 2 weeks ago
Selected Answer: B
B. Contractual requirements: Establishing clear contractual terms with the service provider is crucial. Contracts should specify access controls, audit rights, and compliance with data protection requirements. This ensures that administrators have only the access they need and that any unauthorized access is prohibited by the agreement.
upvoted 1 times
Abbey2
10 months, 1 week ago
Selected Answer: C
To best protect against a recurrence of a service provider's administrator accessing sensitive information without approval in an Infrastructure as a Service (IaaS) model, the most effective measure would be: C. Data encryption. Encrypting data is a direct way to protect sensitive information from unauthorized access. Even if a service provider's administrator gains access to the data, encryption ensures that the content remains unreadable and secure without the appropriate decryption keys. This measure protects the data at rest as well as in transit, providing a robust defense against unauthorized access, regardless of the internal controls or policies of the service provider.
upvoted 1 times
Joloms
9 months, 2 weeks ago
C. Data encryption: Data encryption is a crucial measure for protecting sensitive information, especially in transit and at rest. Encrypting the data ensures that even if unauthorized access occurs, the data remains unintelligible without the appropriate decryption keys. While encryption doesn't prevent unauthorized access per se, it significantly mitigates the impact of such access.
upvoted 1 times
Joloms
9 months, 2 weeks ago
Among the options provided, D. Two-factor authentication (2FA) would be the best choice for protecting against a future recurrence of unauthorized access by an administrator in an IaaS model. By requiring additional authentication factors beyond just a username and password, 2FA can significantly reduce the risk of unauthorized access to sensitive information.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted