Exam CISSP topic 1 question 314 discussion

C is detective and not preventive

A seems to be the correct answer.

A - feels almost too obvious

Weird question. Honestly none of these answers seem like it would be a decent control. I guess A would be the closest with D a close second. But in reality the real answer is that you would use session management with context access control

Answer A) Ensure each user has their own unique account Answer C seems like a good option until realize it does not prevent anything and only reports after another incident. The other answers are not preventative as well.

A. Ensure each user has their own unique account. By ensuring that each user has their own unique account, individual actions can be traced back to a specific individual, which aids in accountability and non-repudiation. Sharing accounts makes it difficult to determine who performed a specific action, leading to potential security risks and challenges in investigations. The other options do not effectively address the root cause of the problem or provide a robust solution.

C is correct! sounds a little crazy, but thinking as a manager, we must have proper solution in place (SIEM) to log and alert. most of the IT engineers sneak in and use the systems' login accounts to leave no accountability traces, therefor as a manager you do want something to log and hold people accountable.

The correct answer is A. Ensure each user has their own unique account. Explanation: To prevent the problem of multiple people using a single user account simultaneously, the best method is to ensure that each user has their own unique account. By providing each user with a unique account, it becomes easier to track individual activities, enforce access control, and maintain accountability for actions taken on the organization's systems and applications. Additionally, this practice helps prevent unauthorized access or misuse of privileges, as each user's permissions can be tailored specifically to their job responsibilities.

C is correct , if the objective to be a CISSP certified because ( we need to think like a "manager") , there should be a policy stopping share accounts in place ,at this level ; w e need to know who violate it , then we can conduct the awareness or training accordingly

A. Ensure each user has their own unique account.

I will go with C for the following reason: This scenario is either the user credential got compromised, or the user shared his credentials with other people. And in both cases, Option A will not solve the problem, because most likely every user has its own account already. The problem is identified by internal Audit process, which could be detected earlier than that if SIEM solution was set to alert you for this use case. And this way you can prevent this incident in the future by immediacy responding to the problem once it is alerted.

javascript:void(0)C , this is the main function of SIEM

Question is broader than simply "which control is preventative?". Question is asking best way to PREVENT the problem occuring. Problem is two part: 1. Malicious actions not identified until internal Audit occured. 2. Multiple people at multiple locations simultaneously using the account. Option C stands the highest chance of preventing both parts of the problem (it's still not ideal, but is better than A... Providing a unique account does not prevent it being shared. Shared account could be used for malicious actions and this could then again not be discovered until the next internal audit).

ensuring that each user has an account is not sufficient to solve the problem, it does not prevent the sharing of the account between users, services and applications, so the most correct one seems to me to be monitoring and alerts/plyabook (e.g. lock account) SIEM

A SIEM will not PREVENT anything. "A" is the only answer that stinks less (still not effective in my opinion).

C is the most reasonable answer.