Which of the following questions is less likely to help in assessing identification and authentication controls?

A. Is a current list maintained and approved of authorized users and their access?
B. Are passwords changed at least every ninety days or earlier if needed?
C. Are inactive user identifications disabled after a specified period of time?
D. Is there a process for reporting incidents?

Answer: D

Explanation: Identification and authentication is a technical measure that prevents unauthorized people (or unauthorized processes) from entering an IT system. Access control usually requires that the system be able to identify and differentiate among users. Reporting incidents is more related to incident response capability (operational control) than to identification and authentication (technical control). Source: SWANSON, Marianne, NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001 (Pages A-30 to A-32).
